Hackers used NSA’s tool for Baltimore ransomware attack: Report
EternalBlue, originally developed by NSA, has been previously used for several high-profile ransomware attacks including WannaCry and NotPetya.
Updated: May 27, 2019 14:50 IST
Baltimore, a city in the US, is grappling with a major ransomware attack which has forced the authorities to partially shut down the web in the area. Cyber criminals reportedly used a tool created by the US’ National Security Agency (NSA) to target individual and official computer systems.
City workers’ computer screens were suddenly locked with a message demanding about $100,000 in Bitcoin to unlock the systems. “We’ve watching you for days,” read the message, reported The Baltimore Sun. “We won’t talk more, all we know is MONEY! Hurry up!”
This is not the first time NSA’s tool has been used by cyber criminals to target governments and organizations. Known as EternalBlue, the tool has been previously used in many high-profile cyber attacks, according to The New York Times. The tool essentially exploits vulnerabilities in dated versions of Microsoft’s Windows such as XP and Vista. The software was stolen from NSA and leaked to the web in 2017 by a hacker group called Shadow Hunters.
Since then, EternalBlue has been exploited by cyber criminals around the world for several ransomware attacks. This includes the WannaCry ransomware, described as one of the biggest global cybersecurity incidents so far. A Quick Heal Technologies report, published in September last year, pointed out a big spike in use of the EternalBlue exploit around the world.
Another major EternalBlue-related attack was NotPetya, which was used by Russian hackers to target companies including Denmark’s A.P. Moller-Maersk A/S. According to the White House, the ransomware attack led to billions of dollars in damage. Cyber criminals were also said to exploit the software flaw to mine cryptocurrencies.
NSA’s secret weapon
EternalBlue was one of NSA’s most reliable tools for counter-terrorism and intelligence-gathering tasks, according to The New York Times. The report reveals that the code, internally known as EternalBluescreen, was so valuable for the US agency that it never alerted Microsoft about the hack and kept it secret for over five years before it was stolen by cyber criminals.
Older Windows versions
Interestingly enough, Microsoft had rolled out a patch to fix the EternalBlue hack shortly after it was discovered. The impact of the Baltimore ransomware attack shows the patch did little to prevent the incident. This is mainly because of the fragmentation in the Windows ecosystem.
Even though Microsoft’s Windows 10 has become the top PC operating system, its older Windows versions are still in use around the world. Microsoft has already announced ending support for Windows 7 and older versions, but user adoption has not been fast. With a majority of users and government organisations still holding on to older Windows systems with no official support, they will continue to be targeted by cyber criminals.
First Published: May 27, 2019 14:49 IST