Hackers used tool developed by NSA to attack Baltimore computer systems

Since May 7, the Baltimore municipal government has been facing a ransomware attack that has shut everything down, from email to systems that allow residents to pay their water bills, buy homes and other services. According to a report in The New York Times, the tool that paralyzed the city is a creation of the National Security Agency called EternalBlue, used in other high level cyberattacks.

According to security experts, hackers have used EternalBlue, which exploits a vulnerability in some versions of Microsoft's Windows XP and Vista systems, allowing an external party to execute remote commands on its target. The tool was leaked by the hacking group The ShadowBrokers in April 2017 and, in the space of one day, Microsoft had released a fix to fix the exploit. Correcting a system does not mean that these vulnerabilities are fully closed: users must first apply the patch. Hijackers using EternalBlue have since been responsible for several major cyberattacks, including Wannacry in May 2017, and NotPetya's attacks on Ukrainian banks and infrastructure in June 2017.

The Baltimore attack is the latest instance of use of this malware, and a recent report from WeLiveSecurity stresses that its use is increasing, especially compared to US objectives. They found that "there are currently nearly a million machines in the wild that use the obsolete SMB v1 protocol," which is a result of "poor security practices and lack of patches." are probably the reasons why the malicious use of the EternalBlue exploit has stopped growing. since the beginning of 2017, when it was leaked online. "

Baltimore computers were hit by the ransomware attack earlier this month, and city officials said they did not pay (via The New York Times) the ransom demand of $ 76,000. The city began implementing some workarounds, manually processing real estate transactions, and implementing a Gmail system for municipal workers, which Google had initially closed, but which it has since restored. Meanwhile, The Baltimore sun indicates that the city's IT department is working to restore access to the city's systems while improving their security.