About a third of Baltimore city employees have regained email access as officials continue their work to restore digital services after the May 7 cyberattack that crippled the city’s computer system.
Around 90 percent of employees are expected to regain online access by the end of this week, and the city has developed two new workarounds to pay traffic tickets and water bills, city officials said during a news conference Tuesday.
Officials also continued to emphasize that many city services and all emergency services, such as 911, are intact.
“Baltimore is open for business,” Mayor Jack Young said, before listing a plethora of services, including city payroll, recycling, permit applications, wastewater treatment and processing YouthWorks applications, that are up and running.
To pay water bills, customers can either make an estimated payment in person at the Abel Wolman Municipal Building or wait to receive a bill that will cover the time the system has been down once it comes back on line.
The city also has recovered information on traffic tickets issued up to May 4. Drivers who got tickets up to that date can pay them at the Wolman Building. If you got a ticket after May 4 and have a physical copy of it, you can also head to that building to pay it.
To get a new email account, city employees must show ID and provide their old username and password.
“We have 10,000 employees who need to be re-authenticated through this process in many, many locations, said Sheryl Goldstein, Young’s deputy chief of staff for operations who has been tasked with overseeing recovery efforts.
There are employees working around the clock on this process, she said.
The city is conducting a forensic review of the malware attack that should conclude in about a month, Goldstein said. After that report is finalized, officials will then share what information they can.
The source of the attack remains unconfirmed, and some accounts of the source are conflicting.
The New York Times reported last week it stemmed from software that originated from the National Security Agency. On Tuesday, members of Maryland’s congressional delegation said the NSA sent them a brief that said, according to some evidence, Baltimore was compromised by phishing.
”We urge against further speculation until the investigation is complete and look forward to sharing more as we learn more,” the delegation members said in a statement.
Goldstein declined to comment on the alleged phishing, again citing ongoing investigations.
Officials did not provide a timeline for complete service restoration. Cybersecurity experts say that restoration will take months, if not years, and depends on the quality of the city’s data backups.
Those backups do exist, said Young’s spokesperson Lester Davis, but technicians must carefully comb through differently time-stamped versions to ensure that they are not infected with ransomware before they are fully restored.
“Everyone likes to think of backups as a really quick fix but it doesn't work that way,” said Gregory Falco, a postdoctoral security researcher at MIT’s Department of Urban Studies and Planning and Computer Science and Artificial Intelligence Lab who specializes in cyberattacks on cities.
“I think that it's very possible that they created a backup, but didn't segment it from the network properly, and then that also got taken down,” Falco said.
Robinhood, the malware involved in the cyberattack, is infamous for its ability to bury itself deep into networks and the backups connected to them.
Baltimore has spent more than $1 million on new hardware, said city’s procurement officer Erin Sher. Existing contracts that have already been approved by the Board of Estimates have assisted in the recovery.
So have emergency contracts, which don’t require a public stamp of approval from the BOE. Davis said the city will eventually release the names of the vendors.
Officials also said the city’s finances will be secure in the long term.
“While far from ideal, the situation and the impact has been manageable,” said finance director Raymond Henry, who reiterated the attack will cost the city around $18 million.
Officials estimate rebuilding and improving hardware and software systems will cost around $10 million and that the city will lose up to $8 million in revenue while the systems are down. There’s a chance the city could recover some of those funds, Henry said.
Henry also said the city plans to issue its July tax bills on schedule and that the fiscal planning process for 2020 has not been impacted.
Goldstein maintained that the city will not pay the hacker’s ransom of 13 Bitcoin, about $100,000.
“The federal investigators have advised us not to pay the ransom,” she said. “The data shows that you have less than a 50/50 chance of getting your data back if you pay.”
Even if the city did pay, she said, it would still have to bury many costs such as re-building secure hardware and software systems.
The city’s IT department, aided by federal and state assistance, “has a plan and is going to pursue that plan to move forward not only in the short term as we bring our systems back online, but in terms of a long term project moving forward,” Goldstein said.