Baltimore City’s board has decided to devote a surplus of $10 million toward an emergency ransomware response in the city, after officials refused to pay $80,000 to the attackers.
Baltimore City officials this week approved the emergency funding to cover ongoing costs associated with a widely publicized ransomware attack that crippled city services in May, WBAL reports. Eight weeks after the attack, the municipality is still struggling with some systems, such as water billing.
“(The Mayor’s Office of Information Technology) has a lot of data and a lot of servers, and we want to make sure the data is restored and it is properly functioning before we start sending out water bills,” said Sheryl Goldstein, the mayor’s deputy chief of staff.
So far, the hack has cost the city around $18 million in recovery costs, and the toll is rising. The attackers had reportedly asked for $80,000 to $100,000 to decrypt infected systems. Law enforcement authorities, however, advised city officials to decline the hackers’ demands.
Soon after the attack, an investigation revealed attackers had used the EternalBlue exploit developed by the NSA. Since hackers leveraged a state-developed hack, Baltimore Mayor Bernard Young said the city would seek federal assistance.
In related news, two cities in Florida paid half a million dollars each after similar attacks. With their ransom demands fulfilled, attackers (this time) stuck to their end of the bargain and handed the victims their decryption keys.