Over the past month, Baltimore has faced repeated cyber attacks that have shut down the city’s email and systems allowing residents to pay water bills, purchase homes, and more. Now, a report by The New York Times has revealed that the malware used to attack Baltimore was created by the National Security Agency (N.S.A.).
Security experts told the New York Times that attackers were using a tool called EternalBlue. Essentially, EternalBlue works by targeting a vulnerability in some versions of Microsoft’s Windows XP and Vista systems, The Verge reported. This lets external parties use remote commands on their targets.
In 2017, the N.S.A. lost control of EternalBlue after it was leaked by a hacking group called ShadowBrokers. The tool has been used around the world, including in attacks against Ukrainian banks and infrastructure in June 2017.
Baltimore was originally attacked on May 7. City workers found that their screens were suddenly locked. The hackers demanded almost $100,000 in Bitcoin.
According to the Baltimore Sun, a message displayed across screens said, “We’ve watching you for days and we’ve worked on your systems to gain full access to your company and bypass all of your protections.”
A report from WeLiveSecurity found that the use of EternalBlue is increasing, writing:
“It has been two years since EternalBlue opened the door to one of the nastiest ransomware outbreaks in history, known as WannaCryptor (or WannaCry). Since the now-infamous malware incident, attempts to use the exploit have only been growing in prevalence. Currently it is at the peak of its popularity, with users bombarded with hundreds of thousands of attacks every day.”
The WeLiveSecurity report highlighted part of the problem.
“According to data from Shodan, there are currently almost a million machines in the wild using the obsolete SMB v1 protocol, exposing the port to the public internet,” the report said. “Most of these devices are in the United States, followed by Japan and the Russian Federation.”
The New York Times revealed that security experts say cybercriminals are focusing on “vulnerable” American towns and cities to paralyze local governments.
Baltimore refuses to pay, so the city is still experiencing issues due to the malware. It’s unclear how long it will take for the issue to be completely resolved.