EternalBlue, the hacking exploits developed by the U.S. National Security Agency that were leaked in 2017, were used in the ransomware attack that targeted the City of Baltimore, The New York Times reported Saturday.
The attack on Baltimore, the most recent city to be targeted in a ransomware attack, was first detected May 7 and as of May 22, many services remained offline. Some reports say it could take months for the city to recover fully.
The attack involved RobbinHood, a newer form of ransomware first detailed in April. It’s distributed through targeted attacks that include hacked remote desktop services or other “trojan” viruses that provide access to the attackers.
The Times now links the RobbinHood code to EternalBlue referencing security experts briefed on the case. It should be noted that the NSA has not confirmed the link and has never admitted having designed EternalBlue nor acknowledged its past exposure.
That exposure came when EternalBlue was released by hacking group Shadow Brokers in April 2017. Two years later, it’s said that even today both the NSA and U.S. Federal Bureau of Investigation do not know whether the group was foreign spies or disgruntled users.
All that comes as absolutely no surprise as since the malware’s release online, since the code has been linked to hundreds of cyberattacks across multiple countries. The first and still be the biggest attack using EternalBlue code came with the WannaCry ransomware attacks that started in May 2017. The WannaCry attacks alone are said to have caused at least $8 billion in damage.
WannaCry took advantage of one aspect of the EternalBlue exploits that other attacks using the code have since followed. A report in September found that the NSA exploits were driving a massive increase in illicit cryptomining, such as with the Beapy malware in April, while other reports have linked the use of the code to both criminals in Russia and the Chinese government.
The report linking the ransomware attack to EternalBlue hasn’t gone unnoticed by Baltimore political leaders. U.S. Sen. Chris Van Hollen and Rep. C.A. Dutch Ruppersberger are reported to be seeking briefings from the NSA, while City Council President Brandon Scott is demanding that the federal government step in to cover some of the cost of Baltimore’s recovery.
Since you’re here …
… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.
If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.