With computer systems offline, city employees weren't able to tell how much residents owed on overdue bills. Which means they couldn't process the payments. And if they don't pay, they could face liens and foreclosure.
(TNS) — Baltimore Mayor Bernard C. “Jack” Young said all city employees were at work Wednesday as information technology teams tried to recover city systems from a ransomware attack, but “everything that we’re doing, we have to revert back to manual.”
The extent to which city systems were disrupted was clear at the Abel Wolman Municipal Building next to City Hall, where property owners tried to meet a deadline to pay overdue bills before the debts turn into liens against their properties and the city auctions them Monday to investors.
Systems for checking on debt amounts and taking credit card payments were offline. In the main lobby, a bank of cashiers’ desks stood unused. Staff in the lien office was telling people they could pay only if they had a certified check or money order and only if they had correspondence from the city showing how much they owed.
Young appeared alongside city IT director Frank Johnson at City Hall to brief reporters on the hack, but they shared no new information about its severity or how long it would take the city to recover. They offered few details, citing an ongoing investigation by the FBI.
“I don’t care what kind of systems you put in place, they always can find a way to infect your system,” the Democratic mayor said. “I know we’re going to do all we can to solve this issue and put up other protections.”
Young said that if the problems take longer than anticipated to fix, he “will be asking city employees who really can't do their work because of the computer systems, would they ‘be willing to go out and help us clean up the city?’”
Officials said Tuesday the city had fallen victim to hackers demanding payment to unlock encrypted files in city computers. Johnson confirmed Wednesday the ransomware involved is called RobbinHood; he described it only as “very aggressive.”
Lester Davis, a spokesman for Young, said after the briefing that officials have to balance transparency with guarding against sharing information that could reveal to hackers what systems are vulnerable to attack.
Davis said most residents would not notice any impact. Officials stressed that emergency services, including 911 and 311, were not affected, but they acknowledged the Baltimore Police Department email system was not working.
At the Wolman Building, school system employee Barbara Holton said she hurried downtown after work to attempt to clear a debt on a rental property. Holton said when she first arrived, she was told the systems were down — information noted in handwritten notes taped to some office doors.
Holton went to the lien office to try to pay the bills anyway. Tammy Hollie, a supervisor in the office, asked Holton if she had a letter from the city stating what she owed. Holton did not.
“We don’t know what you’re supposed to pay,” Hollie said.
Holton said she could check if she had the letter in her car. It was almost 4:20 p.m. and the office was scheduled to close at 4:30 p.m.
“I’ll give you an extra five minutes,” Hollie said.
Once a debt for unpaid city property taxes or water bills becomes a lien, it is auctioned online to investors who can charge interest and legal fees to the property owner. If the owner still can’t pay, the investor ultimately can foreclose on the property, potentially seizing it for a fraction of its value.
One homeowner, who asked not to be identified discussing her personal finances, said she spent about four hours away from work on Tuesday and Wednesday trying to pay her bill. The woman said the lien office was full Tuesday with people who were “discombobulated and upset.”
On Wednesday afternoon, the woman eventually delivered a money order and certified check, but an employee in the office said she wouldn’t know for sure if the debt was cleared until the computer system came back online.
Another homeowner, who also asked not to be identified, gave a similar description of the scene Tuesday. He said he was told he could drop off a check and “’We’ll get to it once the computers are back up.’”
Other city departments, including the inspector general’s office, the Department of Transportation and the Department of Public Works reported issues with email and phone systems. Scheduled events, including a City Council committee hearing, were canceled Tuesday, although the city Board of Estimates met as usual Wednesday.
Johnson said if anyone wants to reach the city, “the best way to do it is to pick up the plain, old telephone and give us a call.”
But the city Inspector General’s office said in a tweet that its complaint hotline was not working and supplied an another number for people to use.
The mayor’s office was able to circulate Young’s daily schedule because it is distributed using a third-party system.
Democratic Councilman Bill Henry tweeted that the Department of Public Works has agreed to waive late fees on any water bill payments delayed because of the attack.
Asked about the hack after the weekly Board of Estimates meeting, Democratic City Council President Brandon Scott told reporters, “it’s a very serious issue.”
Scott said the city IT office made some changes in the last year after being hit by a previous attack, but he plans to review the budget to ensure enough resources are being devoted to computer security.
“This is something I’ve talked about a lot,” Scott said.
Despite the two attacks, Johnson said that the city’s computer systems have strong defenses.
“Unfortunately, it is a race between the bad actors and the cybersecurity industry,” Johnson said. “We have been assessed several times since I've been here and have got multiple clean bills of health.”
Johnson declined to say how often software patches were installed on city computers after a founder of one of Maryland’s most prominent cybersecurity companies said Tuesday that one of the best defensive measures an organization can take is to regularly update computers’ operating systems.
“I absolutely do know,” Johnson said. “I just can’t comment on that right now.”
Hackers asked for about $76,000 to free city files, but Davis said the city won’t pay.
Dave Fitz, a spokesman for the Baltimore office of the FBI, said federal investigators were working with agents at FBI headquarters and other offices across the country to determine if the attack in Baltimore was similar to others. The city of Greenville, North Carolina, reported last month it was attacked with RobbinHood ransomware.
“We are working to track the actors and identify and disable the technical infrastructure to prevent future attacks,” Fitz said.
With time ticking down Wednesday afternoon, Holton headed out of the Wolman Building, but an employee at the front door warned her it might be closed at 4:30 p.m. Holton went back to Hollie, who assured her she’d wait and told Holton, “You’re wasting time.”
So, Holton returned to her car parked in a lot under the Jones Falls Expressway a couple blocks north.
“What a bad day for the computers to go down,” Holton said, as she walked up Holliday Street.
She checked the back seat of her Nissan for the letter. The trunk. Nothing.
“I don’t have it,” she said. It was 4:27 p.m.
Three minutes later, Holton was back at the front of the building as employees streamed out the door.
Hollie was still waiting inside. She took Holton’s payment and went back into her office. Hollie reappeared and handed Holton a handwritten note explaining that if the payment amount wasn’t correct, it wouldn’t be processed.
Nonetheless, Holton said she was relieved. It was 4:41 p.m.
“You never known how your day is going to end,” Holton said.
©2019 The Baltimore Sun. Distributed by Tribune Content Agency, LLC.