Baltimore is still under the ransomware attack of which it has been the victim for the past month. But Henry Raymond, the city’s finance director, has already run his calculator. He estimates the damage at $ 18 million, of which “8 were lost due to deferred revenue or lost while the city was unable to process payments.” He said that figure could increase over time.
The city, which is still partially paralyzed, has had to temporarily recruit computer scientists to help remove malware. They may be dealing with Baltimore systems protection for a while, and their salaries may add to the city bill. In addition, the city’s IT department has already had to buy more than a million dollars in new computer hardware from the American group Dell under an existing contract.
Paper documents and manual procedures
Currently, some systems have been able to resume functioning but rely on paper documents and manual procedures. Among them, payment processing and the tools to manage transactions. Thus, tickets for traffic violations can only be paid in person and if they exist in paper format. Although the city has collected data for these types of violations until May 4, it is not yet possible to search for them in the database or to process payments electronically. In contrast, Department of Public Works Director Rudy Chow has warned residents that their next water bill will be higher than usual because for now, Baltimore’s smart meters are still on hold and bills cannot. not be generated.
Other blocked systems include the one that keeps prosecutors up to date with drug, DNA and gun results. They are forced to manually collect the documents from the municipal police. Additionally, the process of authenticating and restoring credentials for the more than 10,000 municipal employees is still ongoing. The latter cannot access their mailbox because their computers have been locked since the start of the cyberattack. They must come in person to receive new network and email credentials. It is also necessary to provide a municipal identity card to obtain the new passwords. So far, less than a third of employees have obtained the new credentials.
Twitter account survey
In recent weeks, researchers have confirmed that the Twitter account as Robbinhood is that of the person (s) responsible for the cyberattack. Documents taken from a file server in Baltimore were indeed posted to this account. They included personal identification data, health data and other sensitive information. The person (s) behind the account also denied having used the EternalBlue tool developed by the US intelligence agency NSA. This goes in the direction of the NSA statement reported by a congressman from Maryland last Friday. “At this time, there is no indication that EternalBlue played a role in the ransomware attack targeting Baltimore.” The agency had explained to him that his tool had not been used “to gain access or propagate other activity within the network”. The Twitter account was shut down on June 3 after a post containing racist comments and warning the mayor of Baltimore that he had until June 7 to pay the ransom.