Enlarge / Ransomware took Baltimore’s 911 system offline on March 24 and 25 as the city’s IT department worked to isolate and restore the computer-assisted dispatch network. (credit: Kim Hairston/Baltimore Sun/TNS via Getty Images)

Last Friday, the City of Atlanta was struck by a ransomware attack that took much of the city’s internal and external services offline. As of today, many of those services have been restored, but two public portals remain offline. On Saturday, the automated dispatch network for Baltimore’s 911 system was also taken offline by an apparent ransomware attack. And yesterday, Boeing’s Charleston facility—which manufactures components for Boeing’s 777 and other commercial jets, and for the Air Force’s KC-46 tanker—was struck by what was initially reported to be WannaCry malware.

While it is not clear at this point if these attacks are related in any way, the vulnerability of both businesses and government agencies—particularly local governments—to these sorts of attacks has been continuously demonstrated over the past few years. Even as organizations have moved to deal with the vulnerabilities that were exploited in the first waves of ransomware and ransomware-lookalike attacks, the attackers have modified their tactics to find new ways into networks, exploiting even fleeting gaps in defenses to gain a destructive foothold.

Baltimore’s 911 emergency weekend

In the case of the Baltimore 911 system, the type of ransomware attack is not yet clear, but the city’s top information systems official confirmed that Baltimore’s computer-aided dispatch (CAD) system was taken offline by ransomware. In a release emailed to Ars Technica, Baltimore Chief Information Officer and Chief Digital Officer Frank Johnson said that the CAD network was shut down over the weekend “due to ‘ransomware’ perpetrators” and that the city’s IT team was able to “isolate the breach to the CAD network itself.” Systems connected to the CAD network, including systems at the Baltimore City Police Department, were taken offline to prevent the spread of the ransomware.