Skip to main content

US city hit by major ransomware attack

(Image credit: Image source: Shutterstock/Nicescene)

The government of the US city of Baltimore has been hit by ransomware, leaving citizens unable to do certain tasks such as paying utility bills, parking tickets and taxes. 

According to media reports, hackers demanded 13 Bitcoin in ransom (roughly $113,000 under current prices), but the government declined - despite its staff now being unable to communicate via email following the attack.

But what makes things extra interesting is how the city of Baltimore ended up on the receiving end of ransomware. According to the New York Times, hackers exploited a vulnerability in older versions of Windows, called EternalBlue.

That vulnerability was actually discovered by the NSA a few years back, but the agency kept it quiet even from Microsoft, until it was forced to by a breach. Allegedly, the NSA has been using the vulnerability in its own operations. Microsoft released a fix for EternalBlue flaw in March 2017.

Senator Chris Van Hollen and Congressman Dutch Ruppersberger told the Baltimore Sun that they are now seeking "a full briefing" directly from the NSA.

"We must ensure that the tools developed by our agencies do not make their way into the hands of bad actors," the senator told the paper.

The NSA, on the other hand, is keeping quiet. It told the BBC (opens in new tab)it has “nothing for you on this”.

Opinions are split on who should be blamed for the incident. While some argue that the patch for EternalBlue has been out for two years, which is more than enough time for any organisation to patch up, others argue that sometimes it’s not that easy to implement patches.

Image source: Shutterstock/Nicescene

Sead Fadilpašić
Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.