💰💣

Baltimore City Security Incident

7/05/2019 2271 days ago Resolved

Incident Overview

Situation Description

Baltimore City experienced a ransomware attack on May 7, 2019, which significantly disrupted its computer systems and services.

Event Types

Ransomware Malware / Destructive Attack

Industry Sector

Government

Geographic Scope

Local

Response Actions

Revoked Credentials & Forced Resets Restored Systems from Secure Backups Took Systems or Services Offline Managed Public Narrative & Crisis Communications Revised Incident Response Plan

Impact Analysis

Event Types (2 identified)

Ransomware Malware / Destructive Attack

Financial Impact

$18,200,000 USD

Records Affected

Data Types Compromised

PII (Personally Identifiable Information) Financial Data (Credit Cards, Bank Accounts) PHI (Protected Health Information)

Primary Impacts

Operational Disruption Financial Loss Reputational Damage

Key Decisions Made

Baltimore City officials are expecting to re-authenticate nearly 90 percent of employees with new passwords by the end of the week.; Baltimore City is implementing a manual workaround for property sales to continue operations during the technology outage.; Baltimore City's IT team will slowly bring computer systems back online to ensure better security following the ransomware attack.

Technical Analysis

Attack Method

Unpatched Vulnerability

Vulnerability / Tool

EternalBlue

Additional Information

(Update: June 5, 2019) Over one third of Baltimore City computers restored After nearly a month since the ransomware attack on May 7, Baltimore City officials have provided a fresh update on the recovery efforts. As per the latest update, around 35 percent of nearly 10,000 municipal employees have regained access to their computers and email accounts. Moreover, the authorities are expecting to re-authenticate nearly 90 percent of employees with new passwords by the end of the week. Additionally, Baltimore residents can also now make payments for any parking tickets issued after May 4, for which the data has now been restored. Ref - Baltimore Fishbowl Investigators looking into the Twitter account linked to attackers After the discovery of the Twitter account which released documents related to the ransomware attack, federal investigators are trying to verify the authenticity of the documents and the identity of the people behind that account. The account posted several documents such as faxes sent to City employees including one that contained a womans medical history. The account also threatened to leak financial documents and citizens personal information on the dark web if the ransom is not paid. The account sent a direct message to a local reporter on Twitter, saying If you dont like to see all of them in the darknet, tell to mayor! Ref - Baltimore Sun --- (Update: June 5, 2019) Over one third of Baltimore City computers restored After nearly a month since the ransomware attack on May 7, Baltimore City officials have provided a fresh update on the recovery efforts. As per the latest update, around 35 percent of nearly 10,000 municipal employees have regained access to their computers and email accounts. Moreover, the authorities are expecting to reauthenticate nearly 90 percent of employees with new passwords by the end of the week. Additionally, Baltimore residents can also now make payments for any parking tickets issued after May 4, for which the data has...

... (truncated for display)

Quick Facts

Company:: Baltimore City
Date:: 7/05/2019
Status:: Resolved
Decision Maker:: Baltimore City officials
Position:: nan
Published:: 5/06/2019

Source Information

Original Query

timeline of company actions after discovering ransomware

View Original Source

Timeline

Information Published

5/06/2019

Incident Occurred

7/05/2019 (2271 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats