Baltimore officials are proposing to use $10 million in excess revenues to pay for the costs of recovering from a crippling ransomware attack that began in May.
The proposal is set to go Wednesday before the city’s spending board, starting a process that then will proceed to the City Council. Democratic Mayor Bernard C. “Jack” Young controls the board and the proposal is expected to be approved.
According to the board’s agenda, the money is to be used for “staffing; cybersecurity consultants; laptops, mobile Wi-Fi hotspots, and other critical technology devices enabling the city to continue operations; and other cost associated with recovery.”
Officials have said they are using a mix of emergency contracts and existing contracts to help with the recovery, which is now in its eighth week, but the city has not disclosed who the contractors are.
After hackers locked up city files and demanded ransom, the city’s emails, a credit card payment system and the property market came to a standstill. Some services remain offline.
The city’s budget office has estimated the cost of responding to the hack at $18 million. In addition to the $10 million for staff, consultants and gear, that total includes $8 million in lost or deferred revenue.
When the city incurs an expense not anticipated in the annual budget, it must approve a “supplementary appropriation” to cover the cost and disclose the source of the money.
In the case of the ransomware response, city finance officials are proposing to use money “in excess of the revenue relied on by the Board of Estimates in determining the tax levy required to balance the budget.”
Once the board approves spending that $10 million, the City Council will consider it as a piece of legislation.