
'Their Motive Clearly Seems To Be Money' | Passwords, Sensitive Documents Possibly Shared Online In Baltimore Ransomware Attack

BALTIMORE (WJZ) -- The City of Baltimore remains locked in a cyber battle with hackers.

A computer virus has taken down much of the city government online system.

A cybersecurity researcher told WJZ his team uncovered a Twitter account that claims to show documents and passwords gleaned from the ongoing attack.

Eric Sifford, a security researcher with Armor, shared a photo with WJZ -- purportedly from the hackers that demanded money.

"Their motive clearly seems to be money," Sifford said. "Right now, I don't think they've gotten any money."

Sifford said that the tweet was "designed to get the attention of Baltimore City officials."

"They want them to pay attention to the demands," Sifford said.

The demand reads in part, "We've been watching you for days, and we've worked on your systems to gain full access to your company and bypass all of your protections."


The hackers said the city would not be able to access its data if it did not pay 13 bitcoins within 10 days. That's just under $106,000.


The note said the amount would increase by $10,000 a day after the fourth day.


The hackers warned against notifying the FBI, "We won't talk more. All we know is money! Hurry up! Tik Tak, Tik Tak, Tik Tak!"

When asked, city leaders declined to comment on whether or not they knew of Sifford's recent revelations.

"We're not going to address or discuss in any way the ransom demanded," Baltimore City Solicitor Andre Davis said.

Officials also wouldn't say whether or not they had any emergency or recovery plans in place.

"We will be back online more safely and securely than we were before," Frank Johnson, Baltimore City CIO, said.

City emails, online payments and real estate transactions have all stopped as the cyber attack continues.

"Whether it's a $1,000 shell of a row house to a $50 million office building; without the ability to search title, without the ability to get water bills and without the ability to get lien certificates, we don't have the ability to get any of those right now," Bob Flynn, of In-House Title Co., said.


Officials tried to assure the public that it's an all-hands-on-deck effort, but many city services will remain offline for several more days.

"We're looking at late next week, but, obviously, there are no guarantees," Henry Raymond, Director of Finance, said. "It depends on what we find as we try to gain access to the databases."

To an extent, the hack is also affecting police work. City Police said Citiwatch Cameras and Shotspotter technology are still functional, but individual districts are having trouble seeing the cameras.

Mayor Jack Young said the City of Baltimore is doing everything it can.

"The commissioner told me everything was up and running, so we need to identify those districts that are happening because we're unaware of that," Young said.

The city's property tax bills are due out in July. Officials hope to issue those without any impact.

Billing for water, however, remains paper only.

Armor told WJZ they recommend these tips to avoid a ransomware attack:

  • Do Not Leave RDP Servers Open to the Internet. Many of those launching ransomware attacks target "open" Remote Desktop Protocol (RDP) servers as their initial entry into a target's computer network.
  • Implement network segmentation where possible.
  • Employ strong security controls. Use robust, continuously updated anti-malware and active threat mitigation controls.
  • Keep IT systems and software up to date.
  • Keep employees continually educated about current and emerging cybersecurity risks.
  • Users should have backups of their data that are air-gapped from the Internet.
  • Be smart about passwords. Employees should utilize strong passwords, and never reuse passwords across multiple sites. These passwords should change periodically in accordance with a set policy.
  • Always utilize multi-factor authentication for access to critical systems. This provides an extra layer of security to prevent unauthorized access.
  • Ensure all critical data, applications, and application platforms are backed up by password-protected redundant systems.
  • Restrict permissions to install and run unwanted software or applications or extensions.
  • Use caution when opening any attachment even if the sender is known and the file is expected. Watch for unusual or multiple file extensions such as .pdf.exe
  • Monitor users' web browsing habits and restrict access to unfavorable content.
  • Exercise caution when using removable media such as thumb drives, external drives and CD/DVDs.