A recent spate of ransomware attacks in Baltimore and other U.S. cities has been executed using a tool developed by the National Security Agency (NSA). Thousands of people in Baltimore have been locked out of their computers in the past three weeks, causing disruption across the city. And this has been enabled by a piece of software created by the NSA, according to a report in the New York Times.
The EternalBlue exploit takes advantage of a vulnerability in Microsoft Windows machines to infiltrate target computers. The software was stolen from the NSA and leaked by hackers in 2017, and since then has been used in a wide variety of cybercrinimal schemes. 2017’s WannaCry attack used the software, as did Russia’s NotPetya attack on Ukraine last year.
Now the same software is being used against U.S. citizens, causing particular problems for local governments with machines which have been disrupted. Many local governments do not regularly update their computers, leaving them vulnerable to exploits. In Baltimore, hospitals, airports, ATMs, shipping operators, and vaccine-producing factories have all been effected in the last few weeks.
The software locks the target computer’s screen, then shows a message demanding a payment of around $100,000 in Bitcoin for the target to regain access to their files. “We’ve watching you for days,” the message says, according to The Baltimore Sun. “We won’t talk more, all we know is MONEY! Hurry up!”
The NSA has never acknowledged the theft of the software or its responsibility for the cyberattacks conducted using it.
“The government has refused to take responsibility, or even to answer the most basic questions,” Thomas Rid, a cybersecurity expert at Johns Hopkins University, said to the Times. “Congressional oversight appears to be failing. The American people deserve an answer.”
EternalBlue may have been developed with good intentions to protect national security, but this event shows the problems with law enforcement or intelligence agencies having tools which allow them access to computers and phones. When such a tool is leaked, it can no longer be controlled.
In fact, the NSA had and used the EternalBlue tool for five years and considered it so valuable that it avoided informing Microsoft about the vulnerability which is exploited, according to former NSA employees who spoke to the Times.
- NSA warns about Windows exploit, ignores its own role in creation of malware
- New WannaCry-like ransomware attack is in the wild, affecting PCs globally