Since May 7, the Baltimore City government has been dealing with a ransomware attack that has shut down everything from email to systems that allow residents to pay water bills, buy homes and other services. According to a report published in The New York Times the tool that has affected the city is a creation of the National Security Agency called EternalBlue, which has been used in other high-profile cyber attacks.
According to security experts, hackers used EternalBlue, which exploits a vulnerability in certain versions of Microsoft's Windows XP and Vista systems, allowing an outside party to execute remote commands on its target. The tool was leaked by the hacker group The ShadowBrokers in April 2017 and, within a day, Microsoft released a patch to fix the vulnerability. But patching a system does not mean that those vulnerabilities are completely closed: users must first apply the patch. Hackers using EternalBlue have been responsible for several major cyber attacks, including Wannacry in May 2017, and NotPetya attacks on banks and infrastructure in Ukraine in June 2017.
The Baltimore attack is the latest instance of the use of this malware, and The recent report of WeLiveSecurity emphasizes that its use is increasing, especially against the objectives of EE. UU They discovered that "there are currently almost one million machines released using the obsolete SMB v1 protocol", and that is the result that "poor security practices and lack of patches are the reasons why the malicious use of the vulnerability from EternalBlue has been growing continuously. " since early 2017, when it leaked online. "
Baltimore computers suffered a ransomware attack earlier this month, and city officials have said they will not pay (through The New York Times ) ransom demand of $ 76,000 The city has begun to implement some alternative solutions, manually processing real estate transactions and setting up a Gmail system for city workers, which Google initially closed, but since then it has been restored, Meanwhile, The Baltimore Sun reports that the city's IT department is working to restore access to city systems while improving their security while doing so.