The city of Baltimore in the US State of Maryland continues to struggle with the aftermath of a cyber incident incurred earlier this month, when attackers held municipal systems at ransom.
The RobbinHood ransomware attack on May 7 froze administrative transactions, payments and communication, leaving the city struggling to recover after officials refused to pay attackers’ ransom demands.
Two weeks after the attack, the city still couldn’t send and receive emails, but officials said they were making extensive efforts to regain control of the systems.
The latest roadblock comes from an unexpected source: Google. According to The Baltimore Sun (via securityinfowatch.com), “Gmail accounts used by Baltimore officials as a workaround while the city recovers from a ransomware attack were disabled because the creation of a large number of new accounts in one place triggered Google’s automated security system.”
A spokesman for the Internet giant told the publication that Gmail is protected by an automated system that disables accounts created in bulk in one place because it is considered an indication that someone might be running a spam or fraud campaign. After some back and forth, Google restored access to the accounts.
A spokesman for Mayor Bernard C. “Jack” Young said the city expects problems to continue for several more months, as the city responds to the incident using the help of a forensic team and a recovery team.
Officials have deployed new tools and procedures to get work done, including city-issued laptops, personal laptops and even public Wi-Fi – all rather unorthodox approaches as far as security is concerned.