New report sheds light on Baltimore County Public Schools ransomware attack
BALTIMORE — The Maryland Inspector General's Office has released its findings more than two years after a ransomware cyberattack forced Baltimore County Public Schools to shut down district-wide.
A new 6-page report provides a clearer picture of what happened on that day.
The incident, which began with an email being mistakenly opened by a staff member, will cost the school system nearly $10 million to recover from.
According to the report issued by the Inspector General for Education, the attack originated from an unsolicited phishing attachment addressed to an Education Professional.
Despite being unable to open the attachment, an attempt to investigate the suspicious email by a BCPS security contractor misfired, as they opened the email with the attachment using their unsecured BCPS email domain account, thus delivering undetected malware into the BCPS IT network.
This resulted in potential data vulnerabilities, during a surge of online learning activities due to the pandemic. In response, the Teacher's Association of Baltimore County has taken swift action.