EternalBlue: The NSA-Developed Tool Hackers Used to Attack Baltimore’s Computer Network

For nearly three weeks, since May 7th, Baltimore has been under a ransomeware attack which has left the city systems shut down.

Baltimore’s city government has experienced system failures for everything from email to systems which enable residents to pay water bills, purchase homes and other tech-reliant services.

As The New York Times first reported, the tool used to cripple Baltimore city government systems is a created called EternalBlue.

EternalBlue is a National Security Agency (NSA) creation and has been used in other high-profile cyberattacks, leaving many wondering just how much damange the NSA tech may cause in hacker hands.

The hackers used EternalBlue to exploit vulnerability in certain versions of Microsoft Windows XP and Vista, which allowed hackers to execute remote commands on their unsuspecting target.

EternalBlue was leaked by hacker group The ShadowBrokers in April 2017. In response, Microsoft release a patch to fix the exploit within one day.

But the weakness is that users must have applied the patch in order to remain protected. Those without the patch are left exposed to EternalBlue’s intrusion.

Since 2017, EternalBlue has been responsible for many major cyberattacks, including Wannacry in May 2017 and NotPetya in June 2017.

A recent report from WeLiveSecurity notes that malware attacks of this sort are increasing, especially in the U.S.

As WeLiveSecurity notes, “Poor security practices and lack of patching are likely reasons why malicious use of the EternalBlue exploit has been growing continuously since the beginning of 2017, when it was leaked online.”

Despite Baltimore’s computers being hit was ransomware, the city officials have said they won’t pay the $76,000 ransom demand.

Instead, the city has been doing its best to manually process transactions, set up Gmail systems and implement other strategies to work around the problems.

CloudWedge