Ransomware works by encryption files and locking them up so users can't access them. The attackers then demand a ransom amount, typically in Bitcoin digital currency, in exchange for the decryption keys use to unlock the files.
The ransomware attack on the Baltimore City Hall took place on Tuesday morning and infected the city's technology systems with an unknown ransomware virus, which according to government officials, is apparently spreading throughout their network.
According to new Baltimore Mayor Bernard C. Jack Young, Baltimore City's critical public safety systems, such as 911, 311, emergency medical services and the fire department, are operational and not affected by the ransomware attack.
Young also says the city technology officials are working diligently to determine the origin and extent of the cyber attack that left large swaths of Baltimore City government paralyzed.
"At this time, we have seen no evidence that any personal data has left the system," Young tweeted. "Out of an abundance of precaution, the city has shut down the majority of its servers. We will provide updates as information becomes available."
In the meantime, thousands of City Hall personnel were told to disconnect their computers from the internet to prevent the ransomware infection, and some departments even dismissed their employees early.
Due to the network outages, the city's Director of Public Works told customers that their officials are unable to "take calls to discuss water billing issues" for now, while the city's Finance Department employees said they could no longer accept cash payments.
"The email outage has also taken down phone lines to Customer Support and Services, so for now we're unable to take calls to discuss water billing issues. Sorry for the inconvenience," Baltimore's Department of Public Works tweeted.
The Baltimore City Department of Transportation also tweeted that two impound lots at "Pulaski Facility (Main) and Fallsway Facility" and the Right of Way Services Division were impacted "due to Network/email outage."
🔐 Mastering API Security: Understanding Your True Attack Surface
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
Though at this time it's unclear how the ransomware got into the Baltimore City's computing systems or how much amount the attackers have demanded as a ransom, Democratic Mayoral spokesperson Lester Davis told the Baltimore Brew that the city would not pay any ransom.
A similar ransomware attack hit the Baltimore City's phone system in March last year, shutting down automated dispatches for 911 and 311 calls for more than 15 hours.
Baltimore is not the first major U.S. city to be hit with a ransomware attack. Last year, Atlanta was attacked by the SamSam ransomware, eventually disrupting the government operations.
The Department of Justice late last year indicted two Iranian nationals for their role in creating and deploying the SamSam ransomware against more than 200 victims, including Atlanta city government, the Colorado Department of Transportation, several hospitals and educational institutions.