Since May 7th, US city Baltimore is under ransomware attack, reports The Verge. It affected government services like its e-mail systems and systems for other government services. According to security experts, hackers used EternalBlue, a “technology” developed by NSA for high-profile cyberattacks, which was stolen from NSA in April 2017 by hacker group The ShadowBrokers. NSA was reportedly using EternalBlue for over 5 years before it leaked online.
EternalBlue exploit is responsible for many ransomware attacks. It exploits a vulnerability in certain versions of Microsoft’s Windows XP and Vista systems, allowing an external party to execute remote commands on their target. Probably the most known cause of abusing EternalBlue is ransomware WannaCry. Here in Slovakia, a hospital in Nitra was affected too. Microsoft released a patch within a day, but one “issue” is still present: not everyone updated his operating system.
Cyberattack against Baltimore city is the latest instance of the use of this malware. According to report from WeLiveSecurity, most targets are in USA, followed by Japan and the Russian Federation. There is over a million machines still using a obsolete SMB v1 protocol, what results in increasing cyberattacks abusing EternalBlue.
Baltimore’s officials refuse to pay 76 000 USD demand requested by hackers, reports The New York Times. The city has begun to implement some alternative solutions, like manually processing real estate transactions and setting up a Gmail system for city workers. Initially, Google has blocked city departments from using Gmail accounts created as a workaround, but later Google changed its mind.
This is an example, how many damage can be done via not updating your operating system. Some antivirus softwares use techniques to prevent ransomware attacks by detecting processes that are creating encrypted files, which is common sign of ransomware. If you are a Mac user, try free utility RansomWhere? by Patrick Wardle.
Source: The Verge