When hackers paralyzed the city of Baltimore with a ransomware attack last month, the focus became not the theft itself, but a $76,000 Bitcoin ransom.
NSA Passes Ransomware Buck
According to a recent report from The New York Times, a ransomware attack in Baltimore, Maryland in May was empowered by the use of a stolen National Security Agency (NSA) cyberweapon.
In a previously published article, the Times had reported that the cyberweapon, EternalBlue, came to light after discovery by each of the four contractors hired to investigate the attack and fix the city’s network.
The weapon was possibly stolen and redistributed in 2017 by a group called the Shadow Brokers, but the NSA refused to comment on the incident or existence of the cyberweapon.
EternalBlue featured in attacks by North Korea and Russia in 2017 and the tool has caused billions of dollars worth of damage to various governments and corporations.
Maryland Congressman Dutch Ruppersberger also issued a statement informing the media that he had been briefed by “senior leaders” from the NSA and according to Ruppersberger, the NSA said that there was “no evidence at this time that EternalBlue played a role in the ransomware attack affecting Baltimore City.”
BTC Payment Rejected
The investigators speaking with the Times demanded that they remain anonymous and they are still working to piece together the exact chronology of the ransomware attack. The most popular explanation is that hackers breached an open server in Baltimore’s network then proceeded to install a back door.
EternalBlue might have been used to travel across Baltimore’s computers and a separate software tool called ‘Web Shell’ could have acted alongside it.
The hackers demanded that the city pay the $76,000 ransom in Bitcoin 00 but Major Bernard C. Young refused to pay. While this may have been a smart move, the city now estimates that the cost of the ransomware attack totals more than $18 million due to lost revenue and the cost of recovery efforts.
According to investigators, a popular hacking technique called ‘pass-the-hash’ helped spread the ransomware and lately EternalBlue has acted as a tool to launch attacks against local and municipal governments in the United States. These places tend to use older equipment, the theory goes, which has not followed suggested software updates.
In 2017 Microsoft released a Windows update which would have protected Baltimore’s computers against EternalBlue but it appears that the update was not installed.
Blame it on Bitcoin
Interestingly, media coverage of the ransomware attack focused primarily on Bitcoin being the method of payment the attackers wanted and the oft-used narrative of Bitcoin and cryptocurrency being primarily used by terrorist groups, drug dealers and online dark markets once again emerged.
Oddly enough, Bitcoin frequently becomes such a focal point and scapegoat, taking the blame for ransomware and other attacks.
A report in April concluded BTC made up 98 percent of all crypto-denominated ransomware payments, with privacy-focused coins such as Monero accounting for a comparatively tiny share.
In this case, however, surely the true culprit is America’s ageing technology infrastructure and a lack of proper cybersecurity training for local government employees.