Baltimore spending panel approves final receipts from the City’s 2019 ransomware attack

When this week’s agenda for Baltimore’s Board of Estimates meeting came out, we were interested to note proposed payments from the City to two cybersecurity companies among the many items up for consideration. So, we followed up to find out more these spending moves. Turns out, they trace back to the 2019 ransomware attack.

On Wednesday, the City’s spending panel approved a final $650,000 payment to California-based cybersecurity firm FireEye for emergency services during the 2019 ransomware attack and mitigation work following the event.

Also approved was $35,000 to Glen Burnie-based Skyline Technology Solutions to cover costs for time when the contractor acted as the city’s Chief Information Security Officer. This was prior to the hiring of current Baltimore CISO Kevin Kearney, city officials said.

The 2019 attack, which infected the city’s network with the Robbinhood ransomware, shut down systems and froze key city functions. Once the city was back online, it shifted the city’s perspective on information technology and cybersecurity. The city’s IT budget has since seen a major increase. The event alone cost the city $1.3 million in emergency funds just to hire FireEye, and the Baltimore City Council approved a total $10 million for recovery efforts in the months after the attack, StateScoop reported.

Both of the measures approved this week were final payments for contacts that ended in June 2020, and were approved in the routine agenda of the Board of Estimates meeting, without much discussion.