Malware

City of Baltimore Seeking FEMA Relief After Ransomware Attack

Government Officials Request FEMA Relief to Help Cover Costs Associated with Ransomware Attack

As you may know, the City of Baltimore was hit with ransomware earlier this month. The ransom demands were approximately $100,000, and the city is refusing to pay. However, after three weeks of attempted remediation efforts, the networks are still down. City employees even created free GMail accounts in an attempt to restore email communication; however, Google shut that down, as using personal email accounts for business purposes is not permitted.

As the costs continue to rise, Baltimore City Council President, Brandon Scott, reported he has requested for Governor Larry Hogan to seek a federal emergency and disaster declaration. If declared, the FEMA request would reimburse the city for damages, costs, and repairs related to the attack through federal funds.

This may sound fair, considering it is causing issues throughout the city of Baltimore. However, the hackers were able to exploit Baltimore’s networks through the Eternal Blue vulnerability. This is the same NSA exploit used to spread the first global attack, WannaCry, over two years ago. A patch for this vulnerability has been available for two years. So, because the City of Baltimore didn’t install this patch, their systems became infected with ransomware. Granted, hackers shouldn’t hack, and the city was the victim — but how hard can you play the victim role, when there was a way to avoid the mess, to begin with??

Beyond a failed patch management system, the city’s security solution was ineffective as well. Although the door was left open through Eternal Blue, that doesn’t mean a guaranteed infection. The malware, in this case, ransomware, still had to execute. In order to execute, it had to bypass the security solution. The best way to avoid malicious software from bypassing a security solution is to deploy an antivirus solution that utilized application whitelisting as its primary method of malware prevention.

So not only could the infection have been avoided through patch management, but also by deploying a better security solution. Yet, the city is requesting federal funds to help cover the costs.

What do you think? Should they be granted the FEMA declaration?

4,817 total views, 1 views today

(Visited 1 times, 1 visits today)

47 thoughts on “City of Baltimore Seeking FEMA Relief After Ransomware Attack

  1. Nope…Baltimore run so poorly for so many years. Here we have a case where no patch management and CVE details/fix published for all CIOs/Staffs to see well in advance. The common theme among Baltimore, Detroit, SF, LA etc. with all their problems is the leadership is Democrat.

    • FEMA is not for ransoms. It is for natural disasters. Have the FBI investigate. If caught the perpetrators should be jailed for a long time. If coming from a foreign country let that country know we will not trade with them until they prosecute. Trump is right. Enough is enough. And Baltimore, get a new IT person. there are plenty of ways to prevent this. Your mayor seems to instigate trouble but cant do a damn thing to stop it. Stupid is as stupid does.

  2. There should be no federal bailout of Baltimore – or any other city or government unit – from FEMA. or any other federal entity.

  3. If it’s up to people on this comment board, it’ll be a cold day in hell before Baltimore gets any FEMA funds. Let me add my name to the large list of people who have echoed the incredible mis-management that exists at every level of the City of Baltimore. Someone suggested firing the IT Manager. Good luck trying that. He (or she) is a city employee. They can get away with damn well anything and not lose their job…they might get promoted!

  4. No way. FEMA is for natural disasters, not man made disasters. Let their Mayer & Prosecutor pay for it.

  5. No way should they get federal money from us taxpayers. As corrupt as this mooching group of scoundrels is the best thing to do would be to force them into going back to the world of file cabinets and carbon paper.

  6. So, government employees can act (or not act), resulting in severe financial consequences, and then appeal for federal tax payer money to bail them out? No! and infinitely NOI Fire numerous incompetents in IT other involved personnel. Either purchase expensive insurance or make a call to PCPitStop and get protection. Quit being idiots or hiring them.

  7. Robert, Why is it that the automatic reaction is that “the Russians (did it or are coming”? There are plenty of other enemies of this country, other than Russia. We have more cyber threats from China because they have shopped our own companies. And there are other countries with the knowledge to do this.
    As far as Baltimore is concerned or the state of Maryland, why didn’t they use the Bus Money they sent the kids to protest, for IT upgrades or fixes.
    FEMA? Really? The breach is not a natural disaster, it is a lack of concern by the local government.

    • “it is a lack of concern by the local government.”
      It is incompetence by the local government. If a patch was available and was not implemented, why do they expect the taxpayers to bail them out?

  8. “So not only could the infection have been avoided through patch management, but also by deploying a better security solution. Yet, the city is requesting federal funds to help cover the costs.”

    NO, NO, NO.
    If they are trying to raise funds to cover the costs, may I suggest they take it out of the severance pay of every member of their IT department. Why should any taxpayer, Federal, State or City, be expected to backstop Public Service incompetence? The means of prevention of this attack was available two years ago, but someone decided that they knew better, and it wasn’t needed. If the Federal government bails out this city, hackers all over the world will be celebrating, and rushing for their keyboards. Standby for the avalanche.

  9. NO WAY should they get FEMA funds!! That is ludicrous to even ask for; but then we are talking about a liberal administration in a historically liberal city, what would you expect… Government handouts are all they know…

  10. As a former IT director of a county government in Maryland, I know the attitude of Baltimore City. Its the rest of the state has to pay for our problems. Many, many years ago when there was a Federal Revenue Sharing Plan, the then President of Baltimore City Council got up before a group of us and said, “All the counties should just handover all of the funds they receive from the program and give it to Baltimore City.” It happened all of the time that Baltimore City felt the counties should pay for the city’s mis-management. There was and is NO EXCUSE for not having all the security updates applied and in place.

  11. I don’t think FEMA should have to bail Baltimore out of this problem. If the government helps them with problem then when other places get hacked they will expect help from FEMA. It will cost the tax payer a fortune. There is no excuse for this to happen with all the technology now available. If they hadn’t been so lazy and incompetent in the first place this would never have happened.

  12. I agree with all the above. These Gov’s have got to get with it. We the people have to protect our selves. So do they. If they are that Nieve to think they are exempt from the problems of society. Then they should pay. So get on it Baltimore!

  13. The Governor of Maryland should order the Baltimore Police Chief to place the Baltimore Mayor, the entire city council and city engineers responsible for Baltimore’s cyber security into city patty wagons and drive them around the city for a full workday (not to be less than 8 hours).

  14. I think they shouldnt pay for that,but in this case they may have to do it to keep the system running.Well all city governments should have more protection,because this attacks will keep going and get worse.Russian hackers are doing this.

  15. I do not think that the taxpayers should be on the hook for this in any way. Accountability measures need to be imposed on the people responsible for not keeping the system secure and up to date. It’s not like Baltimore is some small city that would never be a target either. Cyber crimes are the new norm and additionally to the ransom Baltimore has lost more money trying to correct a problem. Closing the “barn door before the horses leave” is always good practice.

  16. Tax payers should definitely NOT have to pay for their incompetence! That’s like asking your insurance to pay for your belongs after you left your house with all the doors open…..
    The incompetence in the world today is mind boggling.

  17. If FEMA gives them one dime I will start writing my Senators! Rewarding somebody for making , and cleaning up, mistakes is the best way I know of to perpetuate the behavior that caused it!

  18. I do not want MY tax dollars used for bailing them out of this mess. They made it, they can deal with it!
    Lets save our FEMA money for people who NEED it, not for those that WANT it.

  19. I protect my Computers with PC Matic and have done so for as long as PC Matic has been in business. The cost for me as an individual has been quite reasonable and effective. I cannot imagine a large city like Baltimore not having an IT Dept. that should have taken care of a Ransomware protection. No I don’t believe they should receive FEMA funds.

  20. I agree. NO BAILOUT with taxpayer dollars. Here’s another example of victimhood sponsored by Baltimore’s Left leaning government. Don’t accept responsibility for your ineptitude then ask someone else to pay the tab you ran up.

  21. Why would this be a cost to the entire country via FEMA? Seems as if it should be a problem for the citizens of Baltimore that elected incompetent representatives.

  22. As a business owner, If I didn’t take the precautions necessary to fight ransom ware and many other things no one would come to my rescue. I have had PC Matic for so many years I can’t remember and all the employees are aware that any email with an attachment is not to be opened unless it is pictures from a customer. To add to this, my computer guy is a phone call away and gets to the office quickly. It sounds like Baltimore to me. Messed up!

  23. No way!!! Baltimore and it’s failed policies are their own fault and typical of the Democrats in power. FEMA should not bail them out

  24. First fire the IT manager because they do not know what they’re doing. Secondly, I don’t want my tax payer money going to a city where the mayor lets their city be destroyed by demonstrators with only one thing on their mind. Let the professional baseball or football teams that have so many governments incentives and tax breaks to pay for it.

  25. The people’s (government) money should not be used because the city of Baltimore did not exercise a reasonable amount of self protection that had been available for two years. Their failure… their expense.

  26. I also thought they should have had PC matic when I heard about this. They absolutely should not get FEMA funds. This is an emergency of their own making. They also could have paid the ransom. Not a guaranteed solution by any means but they would have been up and running sooner and would not be experiencing increasing costs or losses with each passing day.

  27. Baltimore – Corrupt to begin with, Mayor “forced” to resign for fraudulent behavior. As soon as I heard this, truly, I thought “They should have had PCMatic. No, they should NOT get Federal emergency funds. It’s a problem of their own incompetence.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.