On May 7, the City of Baltimore was attacked with ransomware that shut the city’s servers down. This type of malware infects a computer and restricts access to it until a ransom is paid. 

The New York Times reported that more than 40 municipalities have been the victims of cyberattacks this year, and the Cybersecurity and Infrastructure Security Agency stated in August that it is the most visible cybersecurity risk among private sector organizations and government agencies.

The city provided laptops that allowed staff members to access the internet so they could work in a limited capacity. But for the Fleet Management Division, no server access meant no e-mails, no fuel system, and no fleet management information system (FMIS). Fleet staff members immediately reverted to paper work orders. 

“It’s an unwritten policy that whenever we have hiccups with the system, or the system goes down, or the network sometimes goes down, we just revert to paper backup copy,” said Renee Johnson, fleet IT supervisor, who manages the FMIS.

Because the fleet division was in the middle of transitioning to a web-based FMIS, the Faster software was back up and functioning within three weeks. Baltimore had Faster Asset Solutions host the data temporarily. 

Fueling automation was down, so attendants at the fueling sites manually logged fuel purchases on clipboards. They would then send the information to the fuel systems team to enter into an Excel file to be later uploaded into the fuel management system. The team did this for about a month and a half before the system was back online, Johnson said. 

The division delayed its inventory count because of the ransomware. In addition, it also affected vendor relationships and delayed the division’s ability to bill its user departments.

As different systems came back online, Fleet Management staff set out to input data. They had three weeks of work orders to put into the FMIS, with technicians averaging 200 work orders a day. Johnson said it took about three weeks to get everything entered, including labor hours and parts used, and that this part caused the biggest headaches for Johnson. Technicians were writing “brake job” into their paper forms, and it was up to clerks to determine what the repair codes were for the software.

“When you have clerks inputting this massive amount of data, those were the kind of places where we were a little bit challenged, because the clerk is going to try to interpret what a technician has put down as a repair, and it didn’t translate over very easily,” she said.

Johnson added that when entering work order information, it’s best to enter parts orders in first “because you can’t issue out parts that aren’t there.”

Abrar Abukhdeir, deputy chief of fleet, began his job a month after the attack. He previously worked for a company that exported vehicles and walking in during the middle of recovery efforts allowed him “to see the process behind the systems,” Abukhdeir said. “But on the other hand, I was also able to see how much easier and how much more efficient the processes are with technology.”

How to Avoid Malware

IT departments often take steps to prevent malware from reaching users at their jobs, such as installing anti-virus software and marking e-mails that come from an external source. However, users should also be proactive and aware of how to avoid unknowingly downloading malware. Here are some steps to take, from the Federal Trade Commission:

• Set your security software, internet browser, and operating system to update automatically

• Don’t change your browser’s security settings, and pay attention to its security warnings

• Instead of clicking on a link in an e-mail, type the URL of a trusted site directly into your browser

• Don’t open e-mail attachments unless you know who sent them and what they are

• Don’t click on popups or banner ads about your computer’s performance

• Scan USBs and other external devices before using them

• Back up your data regularly.