[BreachExchange] Cybersecurity experts warn Baltimore to stop 'playing' with ransomware attacks

Destry Winant destry at riskbasedsecurity.com
Wed May 22 10:04:49 EDT 2019


https://www.foxnews.com/tech/cybersecurity-experts-warn-baltimore-to-stop-playing-with-ransomeware-attacks

Cybersecurity experts say Baltimore is playing with fire as a deadline
to pay thousands of dollars in ransom to hackers holding several of
the city's servers hostage has come and gone.

It has been two weeks since a cyberattack crippled Baltimore's
computer network. The internet thieves wanted 13 bitcoins - about
$100,000 - at the beginning, but the sum has risen $10,000 per day
since. The deadline for the payment - Friday - has come and gone. The
city isn't saying whether it paid but several servers were still
inoperable Monday.

"What's frustrating with Baltimore is that it's been quite a long time
since the infection," Daniel Tobok, CEO of Cytelligence, told Fox
News. "If they aren't fully operational by now, why are they still
playing with this?"

Tobok, whose company has helped 500 municipalities hit by ransomware
attacks, says while he doesn't necessarily advocate paying off cyber
crooks, he believes that in some instances "you don't have a choice,
you have to make a business decision."

He also warns that if Baltimore keeps stalling, the outcome could be
devastating.

"Baltimore is playing with time," he said. "They are going to come to
a point where they have two choices - A. The (ransom demands) are
going to skyrocket or B. The hackers will shut down the account they
have been using and move out."

If that happens, any communication or hope of restoring data could be
out the window, Tobok said.

Baltimore resident Rupert Choudhry says he's "holding his breath" and
worries this could be the calm before an even bigger cyberstorm.

"We are all in a wait-and-see mode," Choudhry told Fox News.

The FBI's cyber squad and experts from Microsoft have been working
around the clock trying to help Maryland's largest city. The mayor's
office told Fox News on Monday that there has not been an increase in
the severity of the attack, but did not provide details beyond that.

On Friday, Mayor Jack Young said he was unable to provide "an exact
timeline on when all systems will be restored."

"Like any large enterprise, we have thousands of systems and
applications," he said in a statement forwarded to Fox. "Our focus is
getting critical services back online, and doing so in a manner that
ensures we keep security as one of our top priorities throughout this
process."

He added that the city could see "partial services beginning to
restore within a matter of weeks" while some of the more "intricate
systems may take months in the recovery process."

The attack itself already has had a devastating domino effect in Charm
City. Residents have not been able to pay their bills online, finance
department employees can only accept checks or money orders and no
property transactions have been conducted since the attack. Most major
title insurance companies have even prohibited their agents from
issuing policies for properties in Baltimore, according to the Greater
Baltimore Board of Realtors.

Citing the ongoing criminal investigation, the city's information
technology boss Frank Johnson and other city leaders said their hands
were tied and that they could not provide specifics about the attack or
realistically forecast when the city would be up and running.

They do have several "work arounds" in place that allow some
departments to slowly get back to business. Johnson called the
situation "incredibly fluid."

"Anybody that's in this business will tell you that as you learn
more, those plans change by the minute," he said.

Unfortunately, this isn't Baltimore's first run-in with cyberattacks.

There have been two major breaches to the city's computer systems
under Johnson's watch.

The latest batch of problems comes just over a year after another
ransomware attack slammed Baltimore's 911 dispatch system, prompting a
17-hour shutdown of automated emergency dispatching. The March 2018
attack required operating the critical 911 service in manual mode.

Johnson is one of the city's highest paid employees, earning $250,000
a year. That's more than the mayor, the city's top prosecutor and the
health commissioner are paid.

This latest attack came about a week after the firing of a city
employee who, the inspector general said, had downloaded thousands of
sexually explicit images onto his work computer.

While all municipalities are menaced by malware, cybersecurity experts
say organizations that fall victim to such attacks often haven't done
a thorough job of patching systems regularly.

Asher DeMetz, lead security consultant for technology company Sungard
Availability Services, told The Associated Press that the number of
days Baltimore's servers have been down is unusually long.


"The city of Baltimore should have been prepared with a recovery
strategy and been able to recover within much, much less time. That
time would be dictated by a risk assessment guiding how long they can
afford to be down," DeMetz said. "They should have been ready,
especially after the previous attack, to recover from ransomware."

In the last month alone, a list of known cyberattacks includes Stuart
City, Fla., City of Greenville, New York state, Imperial County,
Cleveland Airport, Genesee County, Fisher County in Texas and the
Sugar City School District.

