911 had its own emergency

The 911 dispatch system in Baltimore is back up and running after a piece of ransomware forced the city’s emergency services offline over the weekend.

Authorities were alerted to the attack on the city’s Computer Aided Dispatch (CAD) network on Saturday morning and switched to a manual system of directing first responders to emergencies. Normal operations were restored 17 hours later.

No data was compromised and no other systems were affected, said city officials, who called the incident a “limited breach”.

Frank Johnson, chief information officer in the Mayor’s Office of Information Technology, told the Baltimore Sun: “I don’t know what else to call it but a self-inflicted wound. The bad guys did not get in on their own without the help of someone inadvertently leaving the door open.”

Johnson said one of the city’s IT teams had accidentally left the CAD system open to attack while fixing a separate issue on the server. This allowed attackers to scan for vulnerabilities and gain access.

In a statement on Wednesday, Johnson confirmed the CAD system had been hit with a piece of ransomware but did not comment on the request made by the assailants due to ongoing investigations by the FBI.

The Department of Homeland Security (DHS) issued warnings of attacks on emergency call centers as early as 2013, with a strong focus on Telephony Denial of Service (TDoS) – an extortion scheme that cripples an organization’s phone lines.

A move to internet-based services has presented new vulnerabilities and increased the likelihood of an attack on emergency services, DHS warned.

Baltimore is not alone in facing threats to its critical infrastructure.

Last week, a ransomware attack sent Atlanta’s city servers into lockdown mode, including services related to paying bills and issuing arrest warrants, as attackers demanded $51,000 in bitcoin.

These are tactics that Dell SecureWorks, a security firm assisting with the investigation, has linked to the group behind SamSam ransomware, the New York Times reports.

While city employees in Atlanta were told that on Tuesday they could turn their computers back on, disruptions are still affecting some departments, five of thirteen of which were forced to operate manually due to the attack on 22 March.