US city hit by major ransomware attack

(Image credit: Image source: Shutterstock/Nicescene)

The government of the US city of Baltimore has been hit by ransomware, leaving citizens unable to do certain tasks such as paying utility bills, parking tickets and taxes. 

According to media reports, hackers demanded 13 Bitcoin in ransom (roughly $113,000 under current prices), but the government declined - despite its staff now being unable to communicate via email following the attack.

But what makes things extra interesting is how the city of Baltimore ended up on the receiving end of ransomware. According to the New York Times, hackers exploited a vulnerability in older versions of Windows, called EternalBlue.

That vulnerability was actually discovered by the NSA a few years back, but the agency kept it quiet even from Microsoft, until it was forced to by a breach. Allegedly, the NSA has been using the vulnerability in its own operations. Microsoft released a fix for EternalBlue flaw in March 2017.

Senator Chris Van Hollen and Congressman Dutch Ruppersberger told the Baltimore Sun that they are now seeking "a full briefing" directly from the NSA.

"We must ensure that the tools developed by our agencies do not make their way into the hands of bad actors," the senator told the paper.

The NSA, on the other hand, is keeping quiet. It told the BBC it has “nothing for you on this”.

Opinions are split on who should be blamed for the incident. While some argue that the patch for EternalBlue has been out for two years, which is more than enough time for any organisation to patch up, others argue that sometimes it’s not that easy to implement patches.

Image source: Shutterstock/Nicescene