When hackers paralyzed the city of Baltimore with a ransomware attack last month, the focus became not the theft itself, but a $76,000 Bitcoin ransom.
NSA Passes Ransomware Buck
According to a recent report from The New York Times, a ransomware attack in Baltimore, Maryland in May was empowered by the use of a stolen National Security Agency (NSA) cyberweapon.
In a previously published article, the Times had reported that the cyberweapon, EternalBlue, came to light after discovery by each of the four contractors hired to investigate the attack and fix the city’s network.
The weapon was possibly stolen and redistributed in 2017 by a group called the Shadow Brokers, but the NSA refused to comment on the incident or existence of the cyberweapon.
EternalBlue featured in attacks by North Korea and Russia in 2017 and the tool has caused billions of dollars worth of damage to various governments and corporations.
Maryland Congressman Dutch Ruppersberger also issued a statement informing the media that he had been briefed by “senior leaders” from the NSA and according to Ruppersberger, the NSA said that there was “no evidence at this time that EternalBlue played a role in the ransomware attack affecting Baltimore City.”
BTC Payment Rejected
The investigators speaking with the Times demanded that they remain anonymous and they are still working to piece together the exact chronology of the ransomware attack. The most popular explanation is that hackers breached an open server in Baltimore’s network then proceeded to install a back door.
EternalBlue might have been used to travel across Baltimore’s computers and a separate software tool called ‘Web Shell’ could have acted alongside it.
The hackers demanded that the city pay the $76,000 ransom in Bitcoin 00 but Major Bernard C.