The city’s watchdog confirmed that the Baltimore City IT (BCIT) agency used an outdated data storage that led to the massive ransomware attack.
Several key data were reportedly lost due to the attack that took place in May this year. As the agency stored files in employees’ computers hard drive. The city’s municipal networks crippled altogether because of a single yet relevant mistake that the agency failed to do.
According to The Baltimore Sun, the cost of improving the city’s IT department and delayed revenue was $18.2 million. The hackers were able to get thousands of dollars from the computer systems by shutting down the servers.
Auditor Josh Pasch said that Baltimore City Information Technology ‘could not turn over documentation related to four key measures, undermining its performance during the 2017 and 2018 fiscal years. “Without any supporting documentation, BCIT cannot demonstrate whether the actual amounts were accurately reported…resulting in loss of confidence in data reliability presented,” the audit report indicates.
Because of the ransomware attack, the valuable files couldn’t be traced. Therefore, the BCIT couldn’t suggest whether they needed modernizing mainframe applications. And if there is an increasing amount of data available in the city council.
Pasch said that the agency wouldn’t avail itself a reliable storage solution meant to preserve backups in times of malicious attacks like what happened in May. The said cloud storage can help prevent threats like the ransomware attack, that corrupted valuable files.
“Performance measures data were saved electronically in responsible personnel’s hard drives. One of the responsible personnel’s hard drive was confiscated and the other responsible personnel’s selected files were removed due to the May 2019 ransomware incident,” reported Pasch.
Not Doing Its Job
After the investigation, Pasch claims that the question here is whether the IT department was doing its job.
The BCIT Director Frank Johnson, who is on leave from the agency, affirmed the findings and said that the agency would be working hard to improve its data storage practices.
An estimated $10 million is the budget allotted by the city council to recover lost files and to improve its servers and storage systems. Meanwhile, $8.2 million is allocated for a potential loss or delayed revenue such as property taxes and some fines.
Baltimore refused to pay the RobbinHood virus’ demand of 13 bitcoins, valued $76,000 at the time of the attack. However, the recovery costs a lot more, with city council spending more than $18.2 million for the recovery of files.