Back in April 2017, a hacking group known as Shadow Brokers leaked a set of hacking tools targeted at Windows systems allegedly stolen from inside the National Security Agency (NSA). One of these tools was "EternalBlue", a vulnerability which has since been used to carry out multiple large scale ransomware attacks around the world including the infamous "Wannacry" and "Petya" attacks in May and June of 2017.
Now, The New York Times reports that the leaked hacking tool called EternalBlue has resurfaced, and this time it"s being used to carry out cyber attacks in Baltimore and a few other cities in the U.S. According to security experts, the number of attacks based on EternalBlue is skyrocketing, with victims across the United States.
Apparently, the city of Baltimore has been under siege for the last three weeks at the hands of cyber criminals who are using the NSA"s own creation to attack the organization"s home turf. Reports suggest that thousands of PCs owned by the local government have been subjected to malware and digital attacks, causing complete chaos. Government systems such as email are broken-down, due to which services such as bill payment, health alerts, and buying homes are all unavailable to the local residents.
The ransomware attacks carried out in 2017 enabled by the stolen EternalBlue vulnerability targeted over 70 countries, including the U.K., Turkey, France, Spain and the U.S. Although Microsoft had released security patches to fix the vulnerability beforehand, many users had still not updated their devices, leaving them at risk. The Baltimore attack is similar in nature, and asks for a $100,000 ransom in Bitcoin to unlock affected files. City officials have refused to pay, though some services have been restored through the use of workarounds.
As of right now, the National Security Agency and the Federal Bureau of Investigation have both refused to comment on the ongoing cyber attacks in Baltimore.
Source: The New York Times