The City of Baltimore experienced a ransomware attack May 7, with systems expected to remain down for at least another week. This has caused havoc in the liens office and caused underwriters to prohibit agents from issuing title policies, suspending closings on city property.
Mayor Bernard C. “Jack” Young first informed citizens of the attack via Twitter, stating “Baltimore City core essential services (police, fire, EMS and 311) are still operational but it has been determined that the city’s network has been infected with a ransomware virus. City employees are working diligently to determine the source and extent of the infection. At this time, we have seen no evidence that any personal data has left the system. Out of an abundance of precaution, the city has shut down the majority of its servers. We will provide updates as information becomes available.”
According to a story in the Baltimore Sun, the city’s computer system has been encrypted with the RobbinHood virus and hackers are requesting 13 Bitcoin to free the city’s system. It further reported that on Tuesday, the ransom message said that the ransom must be paid within 4 days or the price would go up.
During a press conference on May 15, Finance Director Henry Raymond said that the city’s lien system is presently not available and that no real property transfers are being conducted in the city.
“We’re working to regain access, hopefully late next week, but there’s no guarantees,” he said.
“We have been in touch with the Greater Baltimore Realty board to keep them advised as to where we are,” Raymond continued.
City Solicitor Andre M. Davis added, “The attorney general’s office is working with lawyers in the clerk’s office, the liens office, to get that system back as soon as possible. The people who want to buy a house in the city are very important to us.”
The Greater Baltimore Board of Realtors (GBBR) put a notice on its website informing interested parties of the issue as well. The notice stated, “Baltimore City suffered a ransomware attack on May 7, 2019. As a result, the City Transfer Office cannot process deeds or deeds of trust for recordation. The city also cannot issue lien certificates or generate water bills or determine what city liens have or have not been paid. While the city is aware of the problems, it is unable give a time frame on when it will be able to resume operations.
“Most major title insurance companies issued bulletins on May 13, 2019 prohibiting their agents from issuing title insurance policies for Baltimore City properties until the city computer problem is resolved. GBBR’s leadership team is attempting to schedule an emergency meeting with city officials. Once that meeting has taken place, we will provide an update. If you have a transaction pending for Baltimore City property, you should call the title company handling the transaction and inquire whether your specific transaction will be impacted.”
Among the underwriters issuing alerts and bulletins was Westcor Land Title Insurance Co., which issued a Closing Alert informing agents that “the city is not issuing lien sheets and updated information is not available for possible violation charges, tax payments or water bills all of which are required to be paid in order to record a deed; the city is not accepting recordings pending resolution of the ransomware attack to its network.”
It asked agents to suspend the issuance of Westcor commitments or closings “until Baltimore City has once again established a method of providing up-to-date information and resumes accepting recordings.”
North American Title Insurance Co. (NATIC) issued a special alert to its agents informing them that the company was suspending the issuance of title insurance commitments and policies for Baltimore properties until further notice.
“NATIC is aware of the ransomware attack in Baltimore, and we have issued a special alert to our agents to clarify our position regarding accepting risks while the city’s services are unavailable,” NATIC Executive Vice President and Chief Underwriting Counsel Valerie Jahn-Grandin said. “We will continue to monitor the situation and determine if any changes to our underwriting guidelines are necessary.”
Stewart said it “continues to monitor the situation in Baltimore City and is in contact with our customers and issuing offices. We remain prepared to serve our customers and keep all parties informed of any significant updates. Our cybersecurity team continues to monitor local offices and provide guidance as necessary.”
Stewart further stated, “We are also working with the lenders to find solutions for our customers and are prepared to support them as soon as the city systems are operational. These are challenging times for the residents of Baltimore city, and we are committed to supporting the city and our community throughout the process.”
First American Title Insurance Co. and Old Republic National Title Insurance Co. also reportedly sent bulletins to their agents.
“This is an ongoing criminal investigation,” Davis stated during the press conference. “There is very little we can say. We are working hand and glove with the FBI and experts and Microsoft.”
He said that progress is being made, with a focus on payments and finance. He added that the websites are up but the email system is down.
“I can tell you all confidently we will be back on line and we will be back online more safely and securely than before,” said Frank Johnson, Baltimore chief digital officer and chief information officer. “Our technology partners, our employees, are working around the clock to help us remediate.
“The good news and the bad news is we’re not the first and we’re not alone,” he continued. “The process we are following is what you can quantify as industry best practices. We are not doing this alone; we are doing this led by people with a deep area of expertise.”