The Chatter

City Officials Assess the Damage from Ransomware Attack

As the government cyber attack presses on, local leaders are implementing workarounds.

Shortly before the ransomware attack that has plagued Baltimore’s city government, Bill Henry, councilman for Baltimore City’s 4th District, was helping shepherd a piece of rezoning legislation. The planning department has protocols in place where it doesn’t print out conditions until it’s time for a commission hearing. When the attack hit, no one in the department was able to access their email, and things ground to a halt.

“[The attack] has resulted in everybody having to do even more work to try to accomplish the same objective as we’ve always been trying to do,” Henry says. “It’s added time and extra work to the same problem solving.” In this case, Henry had to contact the developer directly to get the information he needed, a workaround that just isn’t possible for every scenario.

As it stands, government officials are unable to send and receive email, and the city’s digital systems—which ordinarily help facilitate real estate transactions, parking tickets, and other municipal functions—are all offline. This has forced the implementation of workarounds, with a manual system for property transactions in place. The city is encouraging people to set aside the money they would normally pay on a bill so that they have it readily available to pay when systems are back online. In total, the city is working to ensure that interactions with local governments are as seamless as is possible given the circumstances.

“The overarching goal is: How do we minimize the inconvenience that they’re going to experience off of this?” says Lester Davis, a spokesman for Mayor Jack Young. “The departments of finance, law, public works, transportation have all been working diligently to try to minimize disruptions.”

An attack like the one Baltimore has faced is debilitating—it effectively puts the city at somewhat of a standstill. Henry also notes that it comes in a transitional period in top leadership positions, as those in charge are faced with a crisis while adjusting to their new roles.

And, while the mechanisms to try to stop some of the bleeding are in place now, the total damage is still being calculated and won’t be fully realized in the near future. “I think it’s going to be difficult to know exactly how to assess the damage here,” says David Troy, CEO of 410 Labs. “It’s going to turn out to be a bigger deal than we can imagine.”

Troy has decades of experience in technology and design, and understands what an attack like this means to the processes and firmware of the city. He says that, in order for things to return to a semblance of normalcy, it’s going to take an effort from the ground up.

“Regardless of whether we pay the ransom or not, we still have to go through this process of tearing everything down and putting it back online,” Troy says. “In many cases, that’s also going to mean getting new software versions. In situations where we can’t get updated versions, those need to be assessed to see whether or not they pose a substantial risk, and we have to look at how to mitigate those risks.”

The city’s efforts to circumvent the issue have not all gone swimmingly, either. In an attempt to have some form of online communication, some departments created Gmail accounts to establish a new channel. The issue there, though, is that Google charges a fee for what it deems business accounts, so they were briefly shut down. The misunderstanding was resolved, but it was another mark on what has been a difficult several weeks.

Troy has his own suspicions as to what caused the attack, speculating it might have been a situation where phishing was involved, in which someone unwittingly clicks on something they shouldn’t have and hackers can tamper with city functions. But he also cites apathy and human nature as elements at play. If a system is working and humming along, people don’t feel the need to update its infrastructure.

He is also wary of what will become of the records being taken manually while systems are offline; they’ll need to be inputted, too. It’s another example of the complete butterfly effect something like this can cause, which also includes an increased workload for the people trying to keep the city running in the face of adversity.

While it has not yet been determined what exactly did cause the attack, new reports suggest that the software used to carry it out could have originated from the NSA, where it was leaked and co-opted by hackers. If this is in fact the case, the city could seek federal funding to help in system recovery efforts.

“We have folks who come in an hour before their 12-hour shift starts to receive training [on alternative workarounds], meeting regularly to assess throughout the day what’s going on and to learn,” Davis says. “It’s a huge testament to the power of teamwork.”

If anything, things are going back to how they used to be in city government before the advent of the internet. People are paying for utilities by writing checks, meter maids are filling out parking tickets by hand, and inter-government communication is totally offline for the moment.

“I’ve been thinking a lot about what it was like pre-internet,” says Henry, who was working in City Hall 25 years ago. “We largely communicated by landline phone calls, by memo when it was complex, and we communicated in person more. That’s one of the things we are seeing more of now also. Now, that’s also an alternative.”

It’s a cliche, but life goes on—in the case of the city, it has to, lest the backlog get to a point where things become untenable. As the city works to get its systems updated, more secure, and back online, that’s all they really can do. If there is any silver lining at all that can be taken from all of this, it’s that these disruptions are going to force a massive overhaul of the city’s systems in many different phases.

“The city is still functioning, it’s still moving, babies are being born, buses are running like clockwork,” Davis says. “We really appreciate the patience that folks have shown.”