Baltimore’s 911 dispatch system was breached Sunday, March 25th, shutting down automatic dispatching until Monday, March 26th, as well as halting call logs from 9:54 a.m. Sunday to 7:42 a.m. Monday.
A server running the city’s computer-aided dispatch (CAD) system was infiltrated around 8:30 Sunday morning, forcing caller information to be relayed manually for the remainder of the day into Monday. Under normal circumstances, caller information appears on a map and the nearest first responders are dispatched automatically. The attack effectively slowed this process and demanded that call center staff relay this information to dispatchers themselves.
The exploited vulnerability was a port that had been left open after an IT team attempted to troubleshoot a communications issue and in the process made changes to the firewall. City workers were able to take the affected server offline, conduct a thorough investigation, and successfully bring it back online by approximately 2 a.m. Monday morning. Later reports confirmed that the attack did involve ransomware, but neither the ransom amount nor the city’s response to the ransomware has been stated.