Technical.ly looks at what city got for $10M ransomware recovery spend
An information request yields new details on Baltimore’s hefty expenditure after the crippling 2019 malware attack
Above: With a vulnerable IT system and no cybersecurity insurance, the cost of recovering from a malware attack was high.
Back in 2019, after city government suffered the worst ransomware attack in its history, Mayor Jack Young and other city leaders approved $10 million to help the city recover.
Consultants, hardware, software, staffing – how exactly did the money get spent, and who was it spent on?
Local website Technical.ly submitted an information request to the city and, nearly three years later, has some new details.
Their recent report shows the city tapped a wide range of experts, from Irvine, Calif.-based Dyntek to local cybersecurity firm SecuLore Solutions out of Odenton.
The Robbinhood malware that infected city servers hobbled water billing, real estate property transfers and other government functions. It forced the city to lock staff and elected officials out of their government email, and systems took several months to fully restore.
“We won’t talk more, all we know is MONEY! Hurry up! Tik Tak, Tik Tak, Tik Tak!” the hackers said in their ransomware note. Young refused to accede to their demands, which amounted to about $76,000 worth of Bitcoin.
In addition to his request for information, Technical.ly reporter Donte Kirby talked to experts about the city’s choices – from the decision not to pay the hackers to the failure to keep systems updated against attacks to city government’s failure to purchase cybersecurity insurance.
As a VP of intelligence at ZeroFOX put it, “The challenge in cybersecurity is: Prevention is hard, sometimes, to document what the value was. The value comes after something bad happens.”
From The Brew Archives:
• Baltimore’s out-of-date and underfunded IT system was ripe for ransomware attack (5/21/19)
• At long last, Baltimore has cyber insurance (10/17/2019)
• Baltimore government came under a potential security breach three months ago (6/2/21)