It is now the fourth week that Baltimore servers are down after a ransomware attack that led to cyber-terrorists demanding 13 Bitcoins to restore the servers. However, a piece of devastating news is doing rounds online from a report showing a tool made by the US National Security Agency was used to create the RobbinHood ransomware which was used to pull down Baltimore servers. Besides Baltimore, Greenville N.C is also a victim of the Ransomware demand.
While the servers are all down, states agencies have pulled offline any other systems which weren’t affected and reverted to manual ways to providing services to residents. At the same time, Baltimore Governor Larry Hogan has received a letter from Brandon Scott President of the City Council urging him to declare the incidence an emergency.
Declaring the ransomware attack an emergency will grant him the power to request for federal disaster relief funds. However, since four weeks have passed and the governor hasn’t declared it an emergency it’s likely he’s reluctant to follow in the footsteps of ex-Colorado governor John Hickenlooper.
NSA Lost a Cyberweapon Tool it created in 2017
While Governor Hogan is pondering which step to take next, a lost cyberweapon tool from the National Security Agency is responsible for the RobbinHood ransomware. Per contents of the reports, NSA lost EternalBlue cyberweapon in 2017, and now it is in the ransomware. While the NSA had developed it to execute counterterrorism and intelligence gathering missions, the loss of EternalBlue due to leak is what lead to the attack.
During the missions, the primary target of NSA’s tool was to find vulnerabilities in software made by Microsoft. Before the attack in Baltimore, EternalBlue was used in North Korea, Russia, and China by state-backed hackers. However, the tool has found its way back to its origin in the US.
As Baltimore governor thinks of the way forward, the price for restoring all servers is still going up. Apart from just reconfiguring the servers, some parts have to be developed to prevent future attacks. In Colorado case, SamSam ransomware led to the state parting with $1.5 million. However, for Baltimore, the estimates are not out, but the state might part with millions to restore its servers.