On May 7, EternalBlue was used to attack Baltimore city workers with ransomware, demanding about $100,000 in Bitcoin in order to regain access. City officials refuse to pay and many Baltimore city services are still disabled.

Many of the targets in the US have been local governments, such as Baltimore and San Antonio, where public employees often oversee networks using outdated software. In July, the Department of Homeland Security warned that local and state governments were being hit by destructive malware which has begun relying on the EternalBlue tool to spread.

The hack can be prevented with a software patch provided by Microsoft, but almost a million computers remain vulnerable, according to WeLiveSecurity.

.@NSAGov kept open the hole (#ETERNALBLUE) hit by today's #Petya/#NotPetya ransomware attack–for more than 5 years. https://t.co/mAeIeCGiyY pic.twitter.com/coK1kd2MIv
— Edward Snowden (@Snowden) June 27, 2017

Security responders have reported seeing EternalBlue show up in attacks almost every day at this point.

In the past week, researchers at the Palo Alto Networks security firm found that a Chinese state group had hacked Middle Eastern governments with the EternalBlue tool.

“We expect EternalBlue will be used almost forever, because if attackers find a system that isn’t patched, it is so useful,” said Jen Miller-Osborn, a deputy director of threat intelligence at Palo Alto Networks, according to The New York Times.

Microsoft’s president, Brad Smith, has called for a “Digital Geneva Convention” for cyberspace. This would include a pledge by governments to report vulnerabilities to vendors instead of keeping them secret in order to use them for attacks or espionage.

Maryland Sen. Chris Van Hollen and Rep. C. A. "Dutch" Ruppersberger – whose district includes some of Baltimore – have both requested briefings from the NSA, according to The Baltimore Sun.

“We must ensure that the tools developed by our agencies do not make their way into the hands of bad actors,” Van Hollen told The Baltimore Sun.

Baltimore City Council President Brandon Scott insisted that the federal government should help with the situation, saying, “Given the new information and circumstances it’s even more clear that the federal government needs to have a larger role in supporting the City’s recovery, including federal reimbursement for damages.”

“The fact that the root technology that enabled this attack came from our own federal government, just miles away, only adds insult to injury,” added Scott.

The NSA and FBI have refused to comment on the EternalBlue breach, according to The New York Times.

Scott Shane is right, and both can be true: each post-patch victim should have patched long ago—and the NSA should never have lost control of its big bad box of exploits. And what was the bigger mistake? https://t.co/8OduGsbprB
— Thomas Rid (@RidT) May 25, 2019