Ransomware, Content

Baltimore Ransomware Attack Update: City to Buy $20M in Cyber Insurance

The Baltimore Board of Estimates has approved the city's purchase of $20 million in cyber liability coverage, according to The Baltimore Sun. Baltimore officials previously discussed buying cyber insurance in August after cybercriminals launched a ransomware attack against the city earlier in the year.

Baltimore's cyber liability insurance covers any disruptions to city networks over the next year, The Baltimore Sun reported. The coverage includes two plans: one that offers $10 million in liability coverage from Chubb Insurance at a cost of $500,103 in premiums, and another that features $10 million in excess coverage from AXA XL Insurance at a cost of $335,000.

Both of Baltimore's cyber liability insurance plans have a $1 million deductible, The Baltimore Sun indicated. Also, Baltimore's cyber liability coverage will remain in effect for one year.

The City of Baltimore's decision to purchase cyber insurance comes after Baltimore officials recently announced that Frank Johnson would no longer serve as the city's CIO. Johnson was Baltimore's CIO when this year's ransomware attack occurred.

Johnson was placed on unpaid leave last month. He has been replaced by Baltimore VP of IT Todd Carter, who took over for Johnson as the city's acting CIO in September.

A Closer Look at the Baltimore Ransomware Attack

The Baltimore ransomware attack was discovered May 7. Cybercriminals used RobbinHood (aka RobinHood) ransomware during the attack and demanded about $100,000 in Bitcoin to unlock hijacked files; they also shut down most of the city's servers and some government applications.

Baltimore officials have created a review board to audit the city's cybersecurity response and preparation following the ransomware attack. In addition, they have transferred $6 million from a fund for parks and public facilities to help cover "remediation and hardening" costs associated with the attack.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.