The New York Times reported on Saturday that a hacking vulnerability known as “EternalBlue” has been exploited to blackmail the local government of Baltimore. The NSA apparently discovered this exploit years before, but the paper claims that its cyber-spies kept it secret.
Meanwhile, Baltimore’s budget office estimates a ransomware attack on city computers will cost at least $18.2 million — a combination of lost or delayed revenue and direct costs to restore systems.
The NSA declined to comment on this.
The EternalBlue tool has been implicated in a wide range of cyber-attacks over the past couple of years, including the WannaCry assault that disrupted the UK’s NHS.
The city’s IT office spent $4.6 million on recovery efforts since the attack on May 7th, and expects to spend an additional $5.4 million by the end of the year, officials said.
The second part, $8.2 million, is from potential lost or delayed revenue, such as money from property taxes, real estate fees and fines.
Since the beginning of the attack, employees had been without access to baltimorecity.gov emails. Many employees created Gmail accounts as a workaround. But that only caused more problems, because Google’s security system flagged some of the accounts as suspicious and suspended them. Oh Google!
The unknown hackers demanded the city pay a ransom in bitcoins worth about $76,000 on the day of the attack, but Democratic Mayor Bernard C. “Jack” Young refused to pay. The logical conclusion here would be to pay the measly $76,000, because the $18.2 million required to fix the damage done by the ransomware exceeds the ransom request along with the investment into strengthening the cities defense to prevent future breaches.
The NSA has never confirmed how it came to lose control of its code nor officially commented on the affair.
But the suggestion is that if it had shared its findings with Microsoft at an earlier stage, fewer PCs would have been exposed to subsequent attacks that made use of the vulnerability.