OpsLens

NSA Developed the Tools Used in Baltimore Ransomware Attack

It’s been two weeks since the city of Baltimore was hit by a sophisticated ransomware attack.

On 7 May, hackers digitally seized about 10,000 Baltimore government computers. As a result, city employees have been locked out of their email accounts and citizens have been unable to access essential services since. These services include online platforms that support basic infrastructure and governance, including websites where Baltimoreans pay their water bills, property taxes, and parking tickets. Currently, hackers are demanding thirteen bitcoins (about $100,000) to unlock the hijacked systems.

This is not the first time Baltimore has been hit in recent memory. A separate, similar attack last year shut down the city’s 911 system for about a day. Baltimore has come under scrutiny for its handling of both attacks. As one cyber security expert who specializes in ransomware put it, at some point organizations “don’t have a choice, [they] have to make a business decision.”

The ransomware attacks in Baltimore and other local governments across the U.S. have demonstrated an important fact about the nature of ransomware attacks: vulnerabilities are lurking everywhere. Common targets such as hospitals and schools tend to be first in line for hackers, not just because crippling these institutions gives attackers the most leverage, but because they tend to be the most susceptible, a truth learned the hard way in the infamous WannaCry attacks of 2017.

But the most intriguing fact about the Baltimore ransomware attack and other similar incidents relates to the sophisticated tools used by the cybercriminals. According to a recent article in The New York Times, a key component of the malware used by the hackers was developed by none other than the National Security Agency (NSA). In 2017, the NSA reportedly lost control of the tool, called EternalBlue, in a digital heist still shrouded in mystery. Since then, the tool has been used in several well-known hacks across the globe by hackers in Russia, China and North Korea.

The NSA and FBI have declined to comment to the media regarding these assertions. The official stance of the government is that the theft of the cyber weapon never occurred in the first place.