Baltimore City Council President Brandon Scott announced the creation of a Committee on Cybersecurity and Emergency Preparedness on Thursday, as the city works to restore the systems taken down by a debilitating ransomware attack last week.

“This cyber attack against Baltimore City government is a crisis of the utmost urgency,” Scott said. “That is why I will convene a select committee, co-chaired by Councilman Eric Costello and Councilman Isaac ‘Yitzy’ Schleifer, to examine the City's coordination of cybersecurity efforts, including the Administration's response to the cybersecurity attack and testimony from cybersecurity experts.”

A type of ransomware known as “RobinHood” took down several of the city’s services last week, including some of the capabilities of the Baltimore City Department of Transportation, the Department of Public Works, and the Department of Finance. The city is also currently unable to send or receive email.

ADVERTISEMENT

“[T]he good news is that City services including Public Safety (Baltimore Police Department, Baltimore City Fire Department, 911), Water Services Operations, and Public Works currently operate without interruption despite this threat,” Scott said.

However, he cautioned that the “bad news is that we don’t know when this threat will end or who is perpetrating this attack on our city and the services that we provide to the people of our city and region.”

Scott noted that he is in “daily contact with [Trump] administration officials” about the attack, and that he “stands ready” to work with agencies including the FBI and the Department of Homeland Security to enable the city’s systems to recover.

The city has been working with the FBI and industry partners including Microsoft to recover from the attack, Baltimore City Solicitor Andre Davis said during a press conference Wednesday, describing the malware incident as a “vicious assault.” Davis said Baltimore city officials have also been in contact with their counterparts in Atlanta to discuss “lessons learned” from the similar ransomware attack Atlanta went through in 2018.

“The victim is out of ICU, is healing nicely, there is a long course of physical therapy ahead of the victim, but we’ll be back, and we’ll be back stronger,” Davis said of the city’s computer system.

Baltimore City Chief Digital Officer Frank Johnson said during the same press conference that while he was “confident” the city’s systems will eventually be “back online more safely and securely than we were before,” he could not give an exact time for when the systems would all be fully operational.

“Anybody who is in this business will tell you that as you learn more, those plans change by the minute, they are incredibly fluid,” Johnson said. “Trust me when I tell you there are hard-working, dedicated employees who put their personal lives on hold because they love this city who are working hard to get us back online.”

Baltimore Chief Financial Officer Henry Raymond acknowledged to reporters that there have been some delays in paying city contractors caused by the ransomware attack, and that his team is in the process of putting together a “contingency plan” for dealing with property taxes that are due after the end of June, in case city systems have still not fully recovered.

City officials have not commented on the amount or type of ransom demanded by the perpetrators, but Davis cited an open investigation into the incident and said he hoped to prosecute those who carried out the attack.

“We continue to direct our resources with great specificity to identifying and maybe one day prosecuting the culprit,” Davis said.