[ad_1]
May 7 began as a normal day for the citizens of Baltimore, Maryland (United States). But at the end of the day, this city, located 48 minutes from the country's capital, would be the victim of an unprecedented attack.
But in this attack, there were neither weapons nor explosives. In exchange there was a malicious code that prostrate the local government systems to the point of preventing thousands of public service employees from using their computer and thousands of citizens to receive and to pay their utility bills. It was not possible to send e-mails from official accounts and, throughout the city, the purchase and sale of real estate, the issuing of invoices and other services were suspended.
The attacker had access to the systems by a scam phishing where he convinces someone to enter their security identification information in response to a E-mail who claims to be legitimate. Once inside, he encrypted the data stored on the servers. It has been highlighted a resource known as Eternal Blue, developed by the US National Security Agency. UU (NSA) as a weapon used in the attack. If this thesis was verified, the government's liability would be greater, since a fix that corrects this vulnerability was released by Microsoft several years ago.
This modality is known as ransomware, or misuse of data. In exchange for a payment or ransom, cyber criminals promise to give the key to decrypt the files. If there is no payment, they could remain unused forever. The ironic thing is that, if the amount of ransom is in the order of $ 90,000 (thirteen bitcoins), the costs badociated with the paralysis of the systems are already estimated at around nineteen million dollars.
The official position is not to pay the hacker, but affected businesses tend to be more realistic
All this led observers to propose, sometimes reluctantly, the thesis that it was necessary to act, it was to pay the ransom, and then to prosecute those responsible. Stephen L. Carter said in a Bloomberg column: "We tend to respond with slogans:" We never negotiate with terrorists ". The idea is that if you do, launch new attacks. Although this argument makes sense for the usual targets, not everyone should do it. The official position is not to pay the hacker, but affected businesses tend to be more realistic ".
In fact, the FBI advised the city not to pay a cent. According to their figures, the total rescues paid in 2018 throughout the US. UU by individuals and organizations amounted to $ 3.6 million, a relatively small amount.
Faced with the refusal of the authorities, the hacker, who identifies on Twitter under the name "Robin Hood", has published what appear to be documents reserved, taken from the servers of the municipality. Your user, @robihkjnfrom which the mayor of Baltimore, Bernard Young, directly addresses, was suspended by the social network.
Since last week, 65% of employees in the public sector have found the opportunity to use their computer and send e-mails. This week, thousands of tax accounts began to be settled manually, including 14,000 with uncheckable charges. The city has designed a "shortcut" manual to reactivate real estate transactions. The mayor's message remains: we will not pay.
Something that says Carter, could be expensive. "Sometimes it's better to make a reasonable decision that a low cost can avoid more serious problems, which is why cybercriminals do not ask for millions. (…) I do not have the # 39; intention to excuse @robihkjn and I do not want to stimulate blackmail, I do not like it more than you. But there is an uncomfortable reality in the world: sometimes the bad guys win. "
WILSON VEGA
EDITOR OF TECHNOLOGY
THE WEATHER
Twitter: @ WilsonVega
[ad_2]
Source link
