In May 2019, the city of Baltimore found itself in major IT trouble.
A crippling ransomware attack took down systems in almost every department of the government. Files were encrypted and couldn’t be recovered. The perpetrators demanded 13 Bitcoin — about $76,000 — to restore the files.
To its credit, the city refused to pay the criminals. To its discredit, the city’s IT management was in such bad shape that fixing the damage cost the city millions. It was completely unprepared for any large-scale data disaster. Other IT operations should learn from Baltimore’s example and avoid its mistakes.
The ransomware that hit Baltimore goes by the name of RobbinHood. It’s an aggressive piece of malware that attacks Windows computers. It starts by stopping services that could interfere with encryption, including security software. It disables Windows automatic repair. Only then does it encrypt the documents on the computer and display a message demanding payment.
Currently there’s no known way to recover the files without paying.
The attack on Baltimore’s systems disabled email and other services. Large numbers of important records were lost. The city’s emergency services, including the police and fire departments, withstood the attack apart from losing email access. Few other systems did as well.
Email and payment processing systems remained down for weeks. People were unable to pay taxes and fines. Lack of access to data held up real estate transactions.
According to current estimates, recovery has cost the city $18.2 million, including lost revenue. It could be even more. Money was diverted from services to pay the costs, and taxpayers will certainly feel the pain. The good news is that it will pay for major improvements in IT security.
No network on the Internet is 100% immune to ransomware. It’s necessary to be prepared for the worst. Baltimore’s IT setup wasn’t prepared at all. Some of the problems were so plain that city councilors called them “mind-boggling.” Critical data was stored on desktop machines, with no systematic backup.
The city had no IT disaster recovery plan. It had no insurance against data disasters. Ransomware insurance is a growing business, but the city of Baltimore hadn’t taken advantage of it.
Computers weren’t regularly patched to remove Windows vulnerabilities. The systems were full of weaknesses just waiting to be exploited.
The blame fell on the city’s CIO, who has been suspended from his job. He faced criticism for poor communication after the attack. He had taken measures to improve security after a 2018 ransomware incident, but they proved to be insufficient.
How to Avoid a Ransomware Disaster
Every IT department should assume a ransomware attack can happen. Being prepared requires two things. The first is to make the systems as resistant to harm as possible. The second is to be able to recover quickly and without permanent data loss.
All important data needs to be kept on well-protected servers and backed up. Desktop machines are highly exposed to the Internet and run all kinds of software. Their users mostly aren’t skilled in data management. Entrusting important data to those machines is an invitation to disaster.
Cloud storage is the best choice in many cases. It’s stored off the premises, and it’s professionally managed for the best protection against failure of all kinds.
A network should have a disaster recovery plan in place. It protects not only against ransomware but against natural disasters and physical theft. Disaster recovery requires offsite backup and a way to get systems running again quickly. The plan should be periodically tested to make sure it works.
Is Your Security Up to Par?
Security plans need to be multi-layered and regularly updated. You can’t just throw something together and hope it’s good enough. Bluwater understands ransomware, hardware failure, human error, and other threats to data. We can provide assistance ranging from consultation to full security management.
Contact us to learn how we can help you to avoid scenarios like the one Baltimore faced.