[BreachExchange] Cyberattack cripples Baltimore's government computer servers
Destry Winant
destry at riskbasedsecurity.com
Wed May 8 05:40:06 EDT 2019
https://abcnews.go.com/US/wireStory/cyberattack-cripples-baltimores-government-computer-servers-62888773
Baltimore's government on Tuesday rushed to shut down most of its
computer servers after its network was hit by a ransomware virus.
Officials believe it has not touched critical public safety systems.
Agents with the FBI's cyber squad were helping city technology
employees try to determine the source and extent of the cyberattack.
Baltimore Mayor Bernard "Jack" Young said police, fire and EMS
dispatch systems have not been affected, but other layers of the
mid-Atlantic city's network have been "infected with a ransomware
virus."
"At this time, we have seen no evidence that any personal data has
left the system," Young tweeted Tuesday afternoon.
While the scope of the problem wasn't immediately clear, email and
phone outages hobbled parts of the city's network. Public works
officials told customers that "for now we're unable to take calls to
discuss water billing issues." Finance department employees said they
could only accept checks or money orders.
The Tuesday problems come just over a year since another ransomware
attack hit Baltimore's 911 dispatch system, prompting a worrisome
17-hour shutdown of automated emergency dispatching. The March 2018
attack required the transition of the critical 911 service to manual
mode.
Following last year's attack, which came days after ransomware
staggered the city of Atlanta's computer network, officials in
Baltimore disclosed that its systems were made vulnerable by an
"internal change to the firewall" by a technician who was
troubleshooting within the automated dispatch system.
Ransomware typically exploits known software vulnerabilities.
Cybersecurity experts say organizations that fall victim to such
attacks often haven't done a thorough job of patching systems
regularly.
A 2016 survey by the International City/County Management Association
and the University of Maryland, Baltimore County, found that ransom
demands accounted for roughly one third of attacks on city and county
administrations.
Cory Fleming, program director of the association, said it was
difficult to say what this second recent attack on Baltimore means but
she stressed that the security of a city's digital infrastructure is
no longer just a reflection of its IT department. She said it raises
leadership questions.
"Every staff member needs to understand best practices and see
themselves as stakeholders in security. When that doesn't happen,
usually a city needs leadership not new tech," Fleming said in an
email.
Last week, former Mayor Catherine Pugh resigned in the middle of her
first term. She's mired in a scandal that's put her in the crosshairs
of federal, state and city investigators trying to unravel the murky
financial arrangements of her self-published children's books. Young,
a fellow Democrat, officially took over as Baltimore's mayor last
week.
More information about the BreachExchange
mailing list