Incident Response, Uncategorized

What the Baltimore Ransomware Attack Means for Incident Response Communications

Government officials have to respond to baltimore ransomware attack.

On Tuesday, May 7, Baltimore city employees came into work to find that their computer screens were locked. “We’ve been watching you for days,” the message on their screens read, “We won’t talk more, all we know is MONEY! Hurry up!” The city of Baltimore had been hit by a ransomware attack; the hackers were demanding $100,000 in bitcoin to release their files.  The Baltimore ransomware attack shut down government email and disabled 21 Baltimore city agencies, meaning people couldn’t pay utility bills, parking tickets, or taxes. It even shut down public health alert systems. But throughout all this Baltimore held fast—refusing to pay the ransom The upshot? The ransomware attack is going to cost the city of Baltimore over $18 million in lost or delayed revenue and costs to restore systems. Nearly a month after the attack the city is still restoring system services and email accounts. 

The Baltimore ransomware attack has made one thing perfectly clear: city governments need to have an alternative secure channel to coordinate incident response during a ransomware attack.

Communicating During Incident Response – The Challenge to Find Workarounds

Once Baltimore’s government online communications were down, there was no easy way for officials to communicate to contain the attack. Some tried to create Gmail accounts to conduct work, but quickly faced problems when Google’s security system flagged them as suspicious and suspended the accounts. Critical communications between city officials and residents also broke down: Baltimore’s text alert system that warns drug treatment providers and individuals about possibly deadly street drugs was pushed offline.  With Baltimore seeing more opioid-related deaths last year than homicides, these communication programs could save lives. Without an alternative secure channel to coordinate incident response, Baltimore city officials were seriously hampered in their work—and lives have potentially been put at risk.

Cities are the New Hospitals

Until fairly recently it used to be hospitals that were a favorite target for ransomware attacks—but today, cities are the new hospitals with cities being increasingly targeted with ransomware thanks to their reliance on outdated hardware and software—as was the case with Baltimore. Indeed, the Baltimore ransomware attack is not an isolated case. This is the second time Baltimore’s been targeted and in March of last year Atlanta suffered a similar attack. Over 20 municipalities this year have been targets of cyber-attacks including Allentown and San Antonio. Cities need to take the steps needed both to build up their security and to prepare for incident notification and response coordination in the event of an attack. 

Secure Communications Channels at the Heart of Incident Response 

If cities and local governments want to protect themselves during ransomware attacks, they could take pointers from hospitals and focus on updated technology and cybersecurity. And in situations like the Baltimore ransomware attack, having an alternative, secure channel to keep communications running when email and other critical communication tools get pushed offline can be a lifesaver. Cities should have systems in place that run independently of government emails or texting systems, ensuring that communications can continue to run even if there’s a cyberattack, and ensuring that there’s a way to keep everyone in the loop. These systems should be secure, compliant with government regulations and easy-to-use for government officials, employees and city citizens. 

To learn how Vaporstream can help you keep communications flowing even during a cyberattack check out our Incident response video