NewsTechnologyUnited States

Baltimore: NSA tool used in ransomware attack

0
Ransomware attacks that the paralyzed government from Baltimore could come to UW city
Ransomware attacks that the paralyzed government from Baltimore could come to UW city

The New York Times reported on Saturday that a hacking vulnerability known as “EternalBlue” has been exploited to blackmail the local government of Baltimore. The NSA apparently discovered this exploit years before, but the paper claims that its cyber-spies kept it secret.

Meanwhile, Baltimore’s budget office estimates a ransomware attack on city computers will cost at least $18.2 million — a combination of lost or delayed revenue and direct costs to restore systems.

The NSA declined to comment on this.

The EternalBlue tool has been implicated in a wide range of cyber-attacks over the past couple of years, including the WannaCry assault that disrupted the UK’s NHS.

A sign on the door of the Baltimore Department of Public Works' water department office May 8, 2019.
A sign on the door of the Baltimore Department of Public Works’ water department office May 8, 2019. Residents have not been able to conduct business with the city or pay bills by cash or credit cash at the Abel Wolman Municipal Building because of a ransomware attack. (Kenneth K. Lam / The Baltimore Sun)

The city’s IT office spent $4.6 million on recovery efforts since the attack on May 7th, and expects to spend an additional $5.4 million by the end of the year, officials said.

The second part, $8.2 million, is from potential lost or delayed revenue, such as money from property taxes, real estate fees and fines.

Since the beginning of the attack, employees had been without access to baltimorecity.gov emails. Many employees created Gmail accounts as a workaround. But that only caused more problems, because Google’s security system flagged some of the accounts as suspicious and suspended them. Oh Google!

The unknown hackers demanded the city pay a ransom in bitcoins worth about $76,000 on the day of the attack, but Democratic Mayor Bernard C. “Jack” Young refused to pay. The logical conclusion here would be to pay the measly $76,000, because the $18.2 million required to fix the damage done by the ransomware exceeds the ransom request along with the investment into strengthening the cities defense to prevent future breaches.

The NSA has never confirmed how it came to lose control of its code nor officially commented on the affair.

But the suggestion is that if it had shared its findings with Microsoft at an earlier stage, fewer PCs would have been exposed to subsequent attacks that made use of the vulnerability.

Philippines Law Requires Students to Plant 10 Trees Before Graduation

Previous article

iPhone Collects and Transmits Large Amounts of Data While You Sleep

Next article

You may also like

More in News