Since May 7th, the Baltimore's city government has been dealing with a ransomware attack that has shut down everything from its email to the systems that allow residents to pay water bills, purchase homes, and other services. According to a report in The New York Times the tool that has been launched at the National Security Agency creation called EternalBlue, which has been used in other high-profile cyberattacks.
According to security experts, hackers used EternalBlue, which exploits a vulnerability in certain versions of Microsoft's Windows XP and Vista systems, allowing an external party to execute remote commands on their target. The tool was released by hacking group The ShadowBrokers in April 201
The Baltimore attack is the latest instance of the use of this malware, and a recent report from WeLiveSecurity highlights that its use is increasing, especially against US targets. They found that there are currently almost a million machines in the wild using the obsolete SMB v1 protocol, and that is the result of poor security practices and patches are likely to cause malicious use of the EternalBlue exploit has been growing continuously. since the beginning of 2017, when it was leaked online. ”Baltimore's computers were hit with the ransomware attack earlier this month and city officials have said that they won't pay (via The New York Times ) the $ 76,000 ransom demand. The city has started to implement some workarounds, manually processing real estate transactions and setting up a Gmail system for city workers, which Google initially shut down, but has since restored. In the meantime, The Baltimore Sun reports that the city's IT department is working to restore access to the city's systems while improving their security while they do so.