Baltimore City’s board has decided to devote a surplus of $10
million toward an emergency ransomware response in the city, after officials
refused to pay $80,000 to the attackers.

Baltimore City officials this week approved the emergency funding to cover ongoing costs associated with a widely publicized ransomware attack that crippled city services in May, WBAL reports. Eight weeks after the attack, the municipality is still struggling with some systems, such as water billing.

“(The Mayor’s Office of Information Technology) has a
lot of data and a lot of servers, and we want to make sure the data is restored
and it is properly functioning before we start sending out water bills,”
said Sheryl Goldstein, the mayor’s deputy chief of staff.

So far, the hack has cost the city around $18 million in
recovery costs, and the toll is rising. The attackers had reportedly asked for
$80,000 to $100,000 to decrypt infected systems. Law enforcement authorities,
however, advised city officials to decline the hackers’ demands.

Soon after the attack, an investigation revealed attackers
had used the EternalBlue exploit developed by the NSA. Since hackers leveraged
a state-developed hack, Baltimore Mayor Bernard Young said the city would seek
federal assistance.

In related news, two cities in Florida paid half a million dollars each after similar attacks. With their ransom demands fulfilled, attackers (this time) stuck to their end of the bargain and handed the victims their decryption keys.