Earlier this year, in May, the city of Baltimore suffered a ransomware attack. A number of important services were disrupted, and key operations had to go into manual mode – things like online payments, email, telecommunication and more.
Ransomware is a type of attack where the victim is locked out of their data, usually by an encryption key. Only when they pay the fee will they get their data back – if the attackers decide to stick to their claims, that is.
In the case of Baltimore, the attackers demanded the Bitcoin equivalent of $76000 in exchange for decryption. However, the city refused to pay the demands, instead deciding to recover the systems and its data by themselves.
Paying ransomware attackers only continues to fuel the crime. If no-one paid up, there would be no point to carrying out the attacks in the first place. That said, by July Baltimore had already spent over $5 million on their recovery. Forensic analysis and detection accounted for $2.8 million, staff to deploy new systems for $600000, new hardware and software for $1.9 million.
That’s just the beginning of it. The city has said that they predict their spend to total $10 million this year. Some papers also claim that city officials have cited an additional $8.2 million loss in revenue from fines, fees and taxes.
The reason that Baltimore had to pay all this money is because they did not have sufficient enough backups of their data – in many instances, they had no backup at all.
An audit has found that, more often than not, the only copy of critical data that they had was the source. In other words, the file that the user themselves had saved.
Baltimore’s IT department had no data recovery processes in place, no cloud backup. Many employees just saved their files to their local drives and nothing else was happening with that data. No backup, no redundancy, and certainly then no protection against ransomware. When the data was locked, it was the single copy of that data that got locked.
Eric Costello, a councilman in Baltimore, said to the local paper that the situation was “mind-boggling”. And he’s not wrong. The fact that the city had no policies or procedures in place to backup their data, let alone protect against ransomware, is unacceptable.
If an organisation suffers a ransomware attack, they should be able to detect that it’s happening, detect how it happened and stop it spreading, and then recover any data that might have been lost or locked.
You can be sure that Baltimore have learnt their lesson on this one. Their cost of recovery thus far has wildly exceeded what a thorough backup and recovery plan would have cost. Backup can be challenging, but it should always be a top IT priority. If you hold any critical data, it needs to be backed up. Head the mistakes of Baltimore and don’t let your business fall foul to the same – keep your cybersecurity at top of mind, all the time.
Ransomware Victims Baltimore Had No Backup
No comments yet. Sign in to add the first!