ransomware recovery costs, ImageQuest

Ever think about what you’d need to do to recover from a ransomware attack? What services you’d need to hire to get your organization back up and running?

Well, you might look to Baltimore as an example.

Last week, city officials there approved payments to seven firms which helped Baltimore get its systems back online after a spring ransomware attack.

The Baltimore Sun reported the payments will total $3.7 million.

The contractors ranged from forensics experts to track the source of the malware, to a law firm that assisted with the city’s response plan, and another firm that worked to restore the city’s damaged hardware and software.

Baltimore also purchased new cyber insurance policies, from Chubb and AXA XL, paying more than $835,000 for $20 million in coverage. The city’s new insurance has a $1 million deductible, the Sun reported.

City officials earlier estimated the total cost of the ransomware attack at $18 million, a figure that included lost revenues and productivity. So far, according to the Sun, they have budgeted for $10 million for out-of-pocket recovery costs.

And, we might note, the city is still dealing with the aftermath, five months after the May attack. Baltimore did not make any ransom payments and restored its systems with the contractors’ help.

The city is now “building a better and stronger and more protected network,” a city operations director told the Sun, and expects that process to take up to 18 months.

Meanwhile, the city’s IT director is no longer the IT director. The Sun reported Frank Johnson went on leave in September, and ended employment Oct 1.

Under his watch, Baltimore experienced two ransomware attacks (the first happening in 2018,) never purchased cyber insurance coverage, and lacked a written plan for responding to such attacks, the Sun reported.

Johnson also apologized during a June city budget meeting for doing a “poor job of sharing information” with other city officials about the attack and recovery efforts.