City of Baltimore Suffers Second Ransomware Attack in 14 Months

By Richard Anderson

A ransomware attack on the City of Baltimore has forced the city to take most of its servers offline. This is the second such attack to hit the city in a little over a year. Baltimore suffered a similar attack in March 2018. In that attack, its 911 and 311 systems were taken out of action due to ransomware file encryption.

The latest incident has not affected the 911 and 311 systems or the city's core essential services, although many other systems used by the city have either been affected or taken offline as a precaution to limit the harm caused.

The attack started on the morning of Tuesday, May 7. A spokesperson for the city has confirmed that encrypted files are being recovered from backups and no ransom will be paid to the attackers. It is currently unclear how long the recovery process will take, but at present there are email and phone outages and some city services have been crippled.

The full extent of the attack is not yet known but the city has temporarily lost the ability to accept electronic payments of bills for services such as water. The Mayor has confirmed that fines for late payment will be suspended as a result.

“City employees are working diligently to determine the source and extent of the infection. At this time, we have seen no evidence that any personal data has left the system,” said City Mayor Jack Young.

The investigation is still in the early stages, so it is not clear what type of ransomware was used in the attack nor how the ransomware was installed.

Potter County in Texas has also suffered a ransomware attack that forced workers to shut down their computers and switch to pen and paper. According to Potter County Judge Nancy Tanner, the County has been mitigating the attack for the past 17 days and those efforts are continuing. The ransomware appears to have been a secondary payload that was downloaded and executed after the attackers had gained access to County systems. The primary malware infection is believed to have occurred in January.

While the recovery process is continuing, some systems have now been brought back online. Potter County officials hope to have all systems back up and running by the end of the week.

Richard Anderson is the Editor-in-Chief of NetSec.news