- A ransomware attack in Baltimore has shut down numerous government servers, preventing citizens from using essential services and blocking city employees from accessing their emails and computers.
- The attack has been going on for two weeks and Baltimore has refused to pay the ransom.
- This is the second attack on Baltimore in the last 15 months.
- A similar attack in Atlanta last year cost the city an estimated $17 million in fixes.
Government computer servers in Baltimore, Maryland have been held hostage by hackers for two weeks, preventing citizens from accessing essential services and impending government functions.
The attack occurred on May 7, when hackers breached nearly 10,000 government computers and demanded the city pay them 13 bitcoins, now about $100,000, to get their system networks back.
According to the Baltimore Sun, who obtained a copy of the ransom note, the hackers said they would increase the ransom if the city did not pay in four days. If the city did not pay in 10 days, they said it would not get their information and data back at all.
Both those deadlines have come and gone, and the city has refused to pay the ransom, meaning that the servers that were shut down by the attack are still offline.
The hackers used ransomware called RobbinHood, which uses software to block access to servers. In order to get that access back, you need a sort of “digital key.” If the ransom is paid, the hackers would give the city that key. According to experts, replicating the key without the help of the hackers is essentially impossible.
Baltimore officials were first alerted to the ransomware attack when the Department of Public Works reported that their email servers had been shut down.
Once the city realized what was going on, the Office of Information Technology shut down most of the city’s non-emergency system, so the attack would not spread further.
It is not clear how widespread the attack was because the infected systems are still down.
City officials have said that emergency services like 911 dispatch were not affected by the attack, but it has still impacted the citizens of Baltimore and city employees.
Certain systems are down, so residents have not been able to access essential services, like the websites where they pay water bills, property taxes, and parking tickets.
City employees have been locked out of their emails for two weeks now, forcing them to use their own laptops and personal e-mail addresses to get work done.
The issue of government employees using private servers and personal accounts could raise questions about transparency and accountability, as those are practices usually not allowed under normal circumstances.
The attack has also hurt Baltimore’s property market because officials cannot access systems required for real estate sales.
“We are well into the restorative process, and as I’ve indicated, are cooperating with the FBI on their investigation. Due to that investigation, we are not able to share information about the attack.” Baltimore Mayor Jack Young said in a press release. “As I’ve mentioned previously, we engaged leading industry cybersecurity experts who are on-site 24-7 working with us.”
Mayor Young did not say how bad the damage was, nor did he give a definitive timeline for recovery.
“Some of the restoration efforts also require that we rebuild certain systems to make sure that when we restore business functions,” he said. “I am not able to provide you with an exact timeline on when all systems will be restored.”
Other Instances of Cyber Attacks
The attack on Baltimore has raised questions about the importance of safeguarding cities against cyber attacks. This is especially true for Baltimore, as the ransomware marks the second cyber attack the city has had in the last 15 months.
Just last March, a different attack shut down the city’s 911 system for nearly a whole day, forcing dispatchers to give first-responders essential information about emergencies by phone instead of electronically.
While any number of cities or companies are susceptible to being hacked, some experts have argued that Baltimore is especially vulnerable.
“I think broadly they are not prepared for these sorts of things, they do not have the budget,” said Bill Siegel, a chief executive at Coveware told the Wallstreet Journal. His firm helps various entities that have experienced cyber attacks and he said, “I think it’s pretty obvious that they have not been able to stay ahead of it.”
That is not for lack of trying. After last year’s attack, Baltimore City Council President Brandon Scott pushed city officials to invest in strengthening the city’s cyber defenses.
According to Ars Technica, Baltimore’s information security manager also warned that the city needed a formal policy to address cybersecurity during budget hearings last year.
However, the budget did not include any funding for that policy or any other investments in information technology infrastructure. Now it’s coming back to bite them.
That said, Baltimore is not alone. Just the last year, more than 20 different municipalities have been hit by cyber attacks. Last month, Greenville, North Carolina was hit with a similar attack that used the same RobbinHood ransomware.
Last year, Atlanta made headlines when hackers demanded that the city pay $50,000 in bitcoins in another ransomware attack. Like Baltimore, both Greenville and Atlanta refused to pay the ransom.
While that’s exactly what experts and law enforcement officials recommend, often times, the costs of a cyber attack can be much higher than the ransom requested.
According to a report obtained by the Atlanta Journal-Constitution and WSB-TV, the attack in Atlanta ended up costing nearly $17 million to fix.
Unlike Baltimore, Greenville and Atlanta had insurance to cover cybersecurity incidents, so hypothetically, Baltimore could pay even more than Atlanta to restore the city after the hack.
Cybersecurity experts had said it probably will take months for Baltimore to recover, and the costs are expected to be extremely high, which is a burden that could end up in the hands of taxpayers.
See what others are saying: (Vox) (The Wall Street Journal) (The Baltimore Sun)
Mother and Boyfriend Charged After Abandoning 3 Children in Apartment With Sibling’s Remains
Authorities said the malnourished children had been living in the unit without their parents for months.
Abandoned Children Discovered in Houston
Police in Texas arrested a mother and her boyfriend on Tuesday after finding the woman’s three children abandoned in an apartment unit with the remains of their sibling.
Authorities found the 7-, 10-, and 15-year-old boys on Sunday when the teen called police to report that his brother had been dead for a year and that his body was in the unit.
When authorities arrived at the scene, they found the children living in “deplorable conditions.” Police also found the skeletal remains of an 8-year-old, who they emphasized had been decomposing for an extended period of time.
Harris County Sheriff Ed Gonzalez said the boys were fending for each other, with the eldest doing his best to care for the younger ones. According to the teen, his parents hadn’t been living in the apartment with them for months.
Gonzales called it one of the most shocking cases he had ever seen in all his years in law enforcement, and many are now asking how these kids could have been suffering for so long without anyone ever noticing.
Signs That Went Unnoticed
The Daily Beast reported that the kids hadn’t been attending school since May 2020, claiming that the school even conducted an unsuccessful home visit in September of that year.
On top of that, the children had been without power for several weeks, with one neighbor telling local reporters that the teen would often charge his phone at her place.
Another neighbor, Erica Chapman, said she had once found the teen sleeping on a playground slide, so she gave him some food and drinks.
“I asked him if he was hungry. He said, ‘Yeah,’ and I brought him out some food and some drinks,” Chapman told KHOU.
She said he “wouldn’t talk about his parents,” and she didn’t push because she wanted him to feel safe coming to her if he needed food. Chapman added that she would drop off food at the apartment sometimes but said it was hard to tell what was going on inside.
Police also described a foul odor coming from the unit, which a different neighbor said she complained to management about more than once. That woman claimed the smell was so vile, she could not turn on her air conditioning.
Dianne Davis, who lived in the complex for two years, told The Houston Chronicle that the building manager performs regular inspections on the units, with the most recent one happening last week.
“How come they couldn’t detect this?” Davis told the paper. “How could that not have been found?”
Mother and Boyfriend Face Charges
According to Child Protective Services (CPS), the agency does have a history with the family, but there was no active investigation at the time the kids were discovered.
After they were found, the boys were treated at a hospital and placed with CPS while the agency seeks emergency custody of them.
At the hospital, doctors discovered fractures in the 7-year-old face and said two of the three boys were malnourished. Meanwhile, the medical examiner’s office said the deceased child suffered multiple blunt force injuries and ruled his death a homicide.
Police located the mother, 35-year-old Gloria Williams, and her boyfriend, 31-year-old Brian Coulter, on Sunday. They were interviewed and initially released without charges.
ABC13 reported that the teen texted his mother, who lived just 15 minutes, before calling the police.
On Tuesday, the couple was finally arrested while allegedly reading articles about themselves at a library. Williams, faces multiple charges, including injury to a child by omission and tampering with evidence involving a human corpse.
Meanwhile, Coulter was charged with murder over the death of the child, though both he and Williams are expected to face more charges as investigators continue to unpack the details of this case.
See what others are saying: (The Houston Chronicle) (The Daily Beast) (The Washington Post)
Man Spent COVID Relief Loan on $58,000 Pokemon Card, Feds Say
The man is facing a wire fraud charge, which carries a max sentence of up to 20 years in federal prison, along with a $250,000 fine.
COVID Relief Funds Used on Pokemon Card
Authorities have accused a man in Georgia of misusing COVID-19 relief funds, claiming that he spent $57,789 on a single Pokemon card.
Prosecutors said Vinath Oudomsine made false statements about the gross revenue his business earns and the number of workers he employs when he applied for aid authorized under the CARES Act.
On his July 2020 application, Oudomsine allegedly claimed he had 10 employees and 12-month gross revenues of $235,000.
The following month, he was given about $85,000 from the Small Business Administration (SBA), which means he spent nearly all of the money on the rare card.
Authorities have given few details about the specific card purchased, though they have said Oudomsine was charged with wire fraud and is expected to appear in court on Thursday.
The charge carries a max sentence of up to 20 years in federal prison, along with a $250,000 fine.
Misuse of COVID Relief Funds
Oudomsine is far from the first person to face charges for fraud related to small business loans issued amid the pandemic. Others who received relief funds have been accused of spending the money on Lamborghinis, nights at strip clubs, and even an alpaca farm, among other purchases.
In fact, the first person to be charged with fraudulently seeking a pandemic relief loan was recently sentenced to 56 months in prison following a nationwide search after the man faked his own death.
According to The Washington Post, a federal watchdog said this month that the SBA overpaid $4.5 billion in grants to self-employed people and that “no system of controls was in place to flag applications with flawed or illogical information.”
On top of that, the SBA inspector general determined earlier this year that the agency rushed to send out billions of dollars in loans through the Paycheck Protection Program (PPP) “at the expense of controls” that could have blocked inappropriate aid.
In a statement on Sunday, the agency said that under the Biden administration, it has worked with Congress and the inspector general to add antifraud measures. Meanwhile, defenders of pandemic relief programs have argued that flagged loans and grants represent only a small fraction of the distributed aid that has been critical to small businesses and their pandemic recovery.
See what others are saying: (NPR)(USA Today)(The Washington Post)
FDA Authorizes Moderna and J&J COVID Vaccine Boosters, Approves Mix-and-Match Doses
The approval will allow at-risk Americans who received Pfizer and Moderna vaccines to get any booster six months after their initial series and all Johnson & Johnson recipients 18 and older to do the same two months after their single-shot dose.
New FDA Authorization
The U.S. Food and Drug Administration (FDA) on Wednesday authorized boosters shots of Moderna and Johnson & Johnson COVID-19 vaccines and approved a mix-and-match strategy that will allow people who got one company’s shot to get a booster from a different maker.
The decision paves the way for millions of more at-risk Americans to get extra protection, and not just certain Pfizer recipients as previously approved by the FDA.
Under the authorization, people who received Moderna or Pfizer can get any one of the three booster shots six months after completing their initial series if they are 65 and older, at high risk of severe COVID, or face increased exposure because of their work.
Meanwhile, all J&J recipients 18 and older can get any of the approved vaccines two months after they received the one-shot jab.
Hazy Recommendations, For Now
Notably, the FDA did not recommend a certain combination of vaccines, nor did the agency say whether or not it would be more effective for people to stick with their original vaccine maker for their booster.
The new authorizations draw on a study from the National Institutes of Health (NIH), which found that there are no safety concerns with mixing boosters and that vaccine combinations were at least as effective in stimulating antibodies as matched vaccines.
In the case of J&J recipients, the NIH found that people actually had a higher boost from mixing either Moderna or Pfizer boosters.
However, some of the scientists who worked on the study said it should not be used to recommend one combination over another because the research was limited.
The Centers for Disease Control and Prevention (CDC), which determines vaccine recommendations, could issue more guidance on when and whether people should switch vaccine makers for their booster shots.
An advisory panel for the agency is meeting Thursday to discuss the new FDA authorizations and recommendations.
Once the panel makes its decision, the CDC director has the final say on the guidelines. If the agency agrees with the FDA’s decisions, the booster shots could be rolled out as soon as this weekend.