According to Ars Technica , this will include $10 million to fund the full recovery of the IT infrastructure. Additionally, officials have estimated that the city lost revenues amounting to approximately $8 million while the systems were down.
So far the city has already spent over $1 million on new computer hardware. Baltimore has also hired temporary workers who are assisting in the malware cleanup process.
The lost revenues and the cost of recovery contrasts sharply with what the attackers were demanding – crypto worth $80,000. So why didn’t the city just pay off the hackers and save taxpayer dollars? Per the deputy chief of staff for operations for Baltimore’s mayor, Sheryl Goldstein, the FBI discouraged the city from meeting the demand of the attackers.
City authorities were of the view that paying off the hackers would not have solved the problem entirely, per Goldstein :
The federal investigators have advised us not to pay the ransom. The data shows you have less than a 50-50 chance of getting your data back if you pay the ransom, and, even if you pay the ransom, you still have to go within your system and make sure they’re out of it. You couldn’t just bring it back up and believe they were gone, and so we would be bearing much of these costs regardless.
In a tweet, Baltimore’s Mayor Jack Young, added that the Secret Service had also advised against paying the crypto ransom. Young also revealed that he was aware of city residents who would have preferred Baltimore just meet the hacker’s demands.
But he pointed that doing so was out of the question because ‘this is not the way we operate and we won’t reward criminal behavior.’ Additionally, Young warned that paying the crypto ransom still left open the possibility of more attacks by the same hackers. This is because they could have already planted more malware for future attacks.
Aware of the stand taken by Baltimore authorities the hackers have allegedly been applying pressure to get their demands met. According to the Baltimore Sun , the hackers may have leaked some of the documents they stole.
For weeks a Twitter account had been publishing faxes and other documents which were allegedly obtained by infiltrating Baltimore’s network. The owner of the Twitter account also contacted a Baltimore Sun reporter claiming to have financial documents. They also claimed to have sensitive and personal information of Baltimore residents.
The account threatened to leak more documents to the darknet unless the city’s mayor heeded their crypto ransom demands. Young has now said that the purported leak is under investigation.