Baltimore City Council committee approves $10 million in funding for ransomware recovery

The Baltimore City Council’s budget committee voted Thursday to approve $10 million to cover the information technology department’s costs to recover from a ransomware attack that brought down city computer networks.

More than half the money has already been spent on consultants, equipment and overtime pay, and the legislation is being fast-tracked so it can be finalized at the council’s next meeting in August.


The city’s budget office has calculated the cost of the attack at $18 million, adding $8 million in lost revenue to the price of the recovery.

Hackers broke into the city’s networks and on May 7 locked up files. They demanded a ransom equivalent to $76,000 to turn over the digital keys, but the city refused to pay.


City officials disclosed last week that they have so far spent $2.8 million hiring security consultants and other companies; $486,000 on technicians to set up new computers; $112,000 on overtime for city staff; and $1.9 million on new hardware and software. At Thursday’s hearing, IT department officials said invoices were still coming in.


Although the committee agreed to forward the legislation to the council for consideration, Democratic Councilman Isaac “Yitzy” Schleifer said he wanted more information before he would vote in favor of the money on the floor. He requested copies of invoices and details about how the remaining funds would be spent.

“You could buy the neighborhood I grew up in for $10 million,” Schleifer said.

Democratic Councilman Eric Costello, the committee chairman, used the hearing to press the city’s IT leaders on whether they had a written disaster response plan before the attack. After being asked several times, IT director Frank Johnson acknowledged they did not, something the mayor’s office has previously acknowledged.

Officials said it could take nine months to produce a plan, a timeline Costello said was concerning.

The origin and method of the attack remain unclear. Officials have declined to discuss the matter in detail because it is under investigation by the FBI.

But an FAQ the city posted last week on its website rebutted a report by The New York Times that a tool developed by the NSA known as EternalBlue played a role.

“Our independent computer forensic experts have found no evidence that EternalBlue was a factor in the Baltimore city ransomware attack,” the FAQ reads.