This time the hacking tool being used is EternalBlue.
The New York Times has reported that the recent ransomware attacks in major US cities specifically Baltimore are closely linked together due to the fact that the key component in all the campaigns is a stolen NSA tool EternalBlue.
Interestingly, attackers are using NSA’s own designed hacking tool to target cities in the US and they have targeted Baltimore as well, which is the location of NSA’s headquarters.
The NSA has a reputation for developing tools that could crack into computers and systems of rival agencies, suspects, and citizens, which is a practice that privacy critics have always condemned. Now, hackers are targeting cities’ IT infrastructure using the same tools, which is indeed concerning all aspects.
At the moment the names of all the cities targeted with ransomware so far haven’t been shared with the press but reportedly, San Antonio and Allentown are among the list of affected cities.
EternalBlue contains malicious software that was leaked by a notorious hacking group Shadow Brokers back in 2017 and later the tool was used in many globally launched attacks, especially the devastating WannaCry and NotPetya ransomware campaigns.
On May 7, a ransomware attack on Baltimore affected the computers of the local government, which disrupted the city’s services until the IT department managed to revive the systems and make the system functional once again. The attack affected the IT systems in Baltimore for nearly three weeks because thousands of computers got affected leading to shutting down of emailing, real estate sales, health alerts, and utility bills services, etc.
NYT reports that attacks using EternalBlue hacking tool are suddenly on the rise as not just Baltimore but many other US cities have been targeted generating concerns among the surveillance and security fraternity.
“It is not just in Baltimore. Security experts say EternalBlue attacks have reached a high, and cybercriminals are zeroing in on vulnerable American towns and cities, from Pennsylvania to Texas, paralyzing local governments and driving up costs,” the report states.
EternalBlue and other hacking tools developed by the NSA were leaked by Shadow Brokers in 2017 and state-sponsored hacker groups in Russia, China, and North Korea have been using them ever since to cause destruction and financial losses amounting to billions of dollars across the globe. Since 2017, the notorious hacking tools were missing in action and recently they have made a comeback that too, in NSA’s hometown.
Both the NSA and the FBI declined to comment on the recent surge in ransomware attacks involving the EternalBlue exploit. However, according to FOX 45, Baltimore City Council President Brandon Scott is urging Governor Hogan to seek a FEMA declaration for the week’s long ransomware attack that has disabled city government computer systems.