Here's what went wrong in Baltimore ransomware attack that cost the city over $18.2 million

• A new audit shows that the city lacked the right cybersecurity posture due to which it lost a majority of key data.
• By early July, Baltimore had already spent over $5 million towards recovery.

On May 7, the city of Baltimore, Maryland, was hit by a ransomware attack impacting its online services and more. Following the attack, the attackers took control of a majority of the city’s servers and demanded a ransom of 13 Bitcoins to unlock the encrypted data.

However, the city decided to restore the affected systems and data on its own by rejecting the demand of attackers. This eventually has cost the city more than $18.2 million in the recovery process.

While this may be true, a new audit shows that the city lacked the right cybersecurity posture due to which it lost a majority of key data.

What does the new audit say?

A new audit from Baltimore’s information technology department has cited that outdated proper backup method was the primary reason for the loss of data.

• Despite the rising concern of ransomware attacks, the government of Baltimore did not have basic policies for backing up employee systems.
• It was found that some government agencies in Baltimore used a legacy process i.e. hard drives on an individual computer to store files.
• The agencies did not use a cloud storage method and instead relied on computers’ hard drives to store data.

What is the outcome?

Baltimore City Auditor Josh Pasch reported that one of the “responsible personnel’s hard drive was confiscated and the other responsible personnel’s selected files were removed due to the May 2019 ransomware incident."

He further went on to add that this lost and missing data shows the lack of security awareness among the IT teams.

Expenditure so far

• By early July, Baltimore had already spent over $5 million towards recovery. Of that, $2.8 million was spent on forensic analysis and detection. Around $600,000 was used to deploy new systems and to replace hard drives. Another $1.9 million was dedicated to new hardware and software related to ransomware recovery.
• Baltimore’s budget office had estimated the overall cost to slightly above $18.2 million. This includes about $10 million that the city will spend on recovery effort by year-end and $8.2 million in potential loss or delayed revenue such as money from property taxes, real estate fees, and some fines.