#ISC2CONGRESS - Lessons Learned from the Baltimore Ransomware Attack


Martin R. Okumu lived through the ransomware attack on the City of Baltimore in 2018, which affected 90% of the municipality’s applications. As the then-director of IT infrastructure for the city, he learned a lot of valuable lessons about defending against and recovering from a ransomware attack.


On Tuesday afternoon, he shared those lessons with (ISC)² Security Congress 2021 attendees during a virtual session. He is now the Chief Information Officer for the City and County of San Francisco.


In many ways, Okumu said, Baltimore was not prepared for the attack. The city did not have a cyber incident response team (CIRT), well-defined plans for activating an incident response, or procedures for handling communication and escalation.


These are elements that organizations need in order to fend off a ransomware attack. “If you have these things in place and outline these procedures, you are in better shape than we were,” he said.


The city descended into chaos and confusion in the attack’s aftermath because of the lack of clearly defined procedures and roles, Okumu said. The only saving grace was that the city had invested in both on-premise and cloud backups. Still, it cost U.S. $18 million to recover from the attack after Baltimore refused to pay a ransom demand of between 1 and 5 bitcoins, Okumu said.


The Attack


The attack was first discovered in the early morning of May 19, 2018. It had started sometime between 4 a.m. and 7 a.m., Okumu said. When trying to log on to their computers, users were getting a message saying the systems had been encrypted with Ransom.Robinhood ransomwar ..
