UPDATED 21:19 EDT / MAY 26 2019

SECURITY

Baltimore ransomware attack linked to leaked NSA EternalBlue exploits

EternalBlue, the hacking exploits developed by the U.S. National Security Agency that were leaked in 2017, were used in the ransomware attack that targeted the City of Baltimore, The New York Times reported Saturday.

The attack on Baltimore, the most recent city to be targeted in a ransomware attack, was first detected May 7 and as of May 22, many services remained offline. Some reports say it could take months for the city to recover fully.

The attack involved RobbinHood, a newer form of ransomware first detailed in April. It’s distributed through targeted attacks that include hacked remote desktop services or other “trojan” viruses that provide access to the attackers.

The Times now links the RobbinHood code to EternalBlue referencing security experts briefed on the case. It should be noted that the NSA has not confirmed the link and has never admitted having designed EternalBlue nor acknowledged its past exposure.

That exposure came when EternalBlue was released by hacking group Shadow Brokers in April 2017. Two years later, it’s said that even today both the NSA and U.S. Federal Bureau of Investigation do not know whether the group was foreign spies or disgruntled users.

All that comes as absolutely no surprise as since the malware’s release online, since the code has been linked to hundreds of cyberattacks across multiple countries. The first and still be the biggest attack using EternalBlue code came with the WannaCry ransomware attacks that started in May 2017. The WannaCry attacks alone are said to have caused at least $8 billion in damage.

WannaCry took advantage of one aspect of the EternalBlue exploits that other attacks using the code have since followed. A report in September found that the NSA exploits were driving a massive increase in illicit cryptomining, such as with the Beapy malware in April, while other reports have linked the use of the code to both criminals in Russia and the Chinese government.

The report linking the ransomware attack to EternalBlue hasn’t gone unnoticed by Baltimore political leaders. U.S. Sen. Chris Van Hollen and Rep. C.A. Dutch Ruppersberger are reported to be seeking briefings from the NSA, while City Council President Brandon Scott is demanding that the federal government step in to cover some of the cost of Baltimore’s recovery.

Image: Maxpixel

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU