[UPDATE 5/23/19. 2:44pm PT: a Google spokesperson contacted me with the following statement: "We have restored access to the Gmail accounts for the Baltimore city officials. Our automated security systems disabled the accounts due to the bulk creation of multiple consumer Gmail accounts from the same network." An anonymous source told me that the accounts were disabled when Google detected bulk account creation, which is "highly correlated to spammy and fraudulent behavior."]
"Gmail accounts created by Baltimore officials as a workaround while the city recovers from the ransomware attack have been disabled because Google considers them business accounts that should be paid for," reports Ian Duncan of The Baltimore Sun. As my IFTF colleague Dylan Hendricks pointed out on Twitter, this is an "amazing signal about the massive security vulnerabilities of technology-based bureaucracies."
From The Baltimore Sun:
Mona Rock, a spokeswoman for the Health Department, said she logged in Thursday morning and can see old messages but not send or receive old or new ones. She said there was no notice showing why the account wasn’t working.
The ransomware struck on May 7, locking up city records and shutting down baltimorecity.gov email addresses. The hackers behind the attack demanded payment in the digital currency bitcoin to turn over the keys to the files.
The mayor’s office has said it could take months to recover. In the meantime, many officials have been using Gmail accounts along to communicate.
Ransomware --> heroin overdoses. This is... such a good story for someone with the right expertise please get out of your bubbles and come cover it. https://t.co/MrfoKxUGnA
— Christopher Mims ? (@mims) May 23, 2019
Just some of the consequences so far: hundreds of real estate deals on hold, costing city badly needed transaction tax revenue; water bills can't get sent out, which will result in massive bills later; warnings on bad batches of heroin disabled, etc.
— Alec MacGillis (@AlecMacGillis) May 23, 2019