‘No Excuse For That’: US City Government Shuttered by Stolen NSA Ransomware

It’s been three weeks since Baltimore’s city government was hit by a devastating ransomware attack using a tool stolen from the US National Security Agency (NSA). While a cybersecurity consultant told Sputnik the city should’ve kept up on basic safety practices, he noted that nothing is ever truly secure - even at the NSA.

On May 7, the city government computers in Baltimore, Maryland, got hit by the RobbinHood file-locking virus, a type of ransomware that locks the files on a server with a digital key, making them impossible to access. A ransom note accompanied the hack, promising to deliver that key.

The price? Three bitcoins per computer (as of Tuesday evening, one bitcoin was worth approximately $8,700). The virus has infected about 10,000 of the city's computers, Vox noted. The city is refusing to pony up, and its government functions, from paying bills to answering emails from citizens, have all ground to a halt.

"We've [been] watching you for days and we've worked on your systems to gain full access to your company and bypass all of your protections," the ransom note said, according to the Baltimore Sun. "We won't talk more, all we know is MONEY! Hurry up! Tik Tak, Tik Tak, Tik Tak!"

This is the second time the city has been hit with a ransomware attack in the past 15 months. A March 2018 attack shut down Baltimore's 911 emergency system for about a day, the Sun noted.

Similar attacks to this one, however, have hit Greenville, North Carolina, and Atlanta, Georgia, in recent years, Sputnik reported.

RobbinHood was delivered via the EternalBlue exploit, one of the NSA hacking tools stolen in the infamous Shadow Brokers heist in 2017, Ars Technica noted. While Microsoft released a patch protecting against the malware after being alerted by the NSA, Ars Technica noted that over a million computers worldwide still use the computer protocol exploited by tools like EternalBlue and its related malware worms, WannaCry and NotPetya. Thousands of those computers are "part of the networks of US school districts; many more belong to local governments, law enforcement organizations, state universities, community colleges, and other public institutions," the outlet wrote.

Jeffrey Carr, cybersecurity consultant, author of "Inside Cyber Warfare" and founder of Suits and Spooks, told Radio Sputnik's By Any Means Necessary Tuesday "it's extremely difficult for anything to be secured 100%," noting that the NSA is far from the only institution struggling with security issues.

However, Carr cautioned against drawing parallels between cybersecurity tools and weapons of mass destruction when arguing in favor of structures that could regulate entities and programs that produce and utilize cyberweapons like those used against the Baltimore government.

"The problem, of course, is when you're talking about a nuclear weapon, you're talking about very-difficult-to-obtain materials and materials that can be easily controlled and tracked. When you're talking about code — it's not even apples and oranges anymore; there's no way that you can treat software the same way you treat uranium-235, for example," Carr said, noting it's not a practical argument to make.

"Perhaps there are ways to change when a government agency is legally — and it's perfectly legal for the NSA to have these tools, any government agency that's in this line of work has them, regardless of country — but maybe there is a way to sort of improve it so that it can't be operated when it's not on a particular device," Carr said, "or some other controls that a programmer can devise to make it useless on any machine. It's like a piece of malware created for Microsoft Outlook doesn't work in Apple iMail, so there may be some ingenious programmers out there who can come up with a software solution to make these tools unusable if they're outside of the NSA's network."

"But I think that we've just found ourselves today with all the conveniences of a digitally connected world with the associated risk of making it easy for bad actors to cause lots and lots of mayhem," Carr told hosts Eugene Puryear and Sean Blackmon, "but I don't think there's any getting away from that."

However, Carr didn't retreat from blasting the Baltimore government's neglect of basic cybersecurity maintenance. "There's no excuse for that," he said, but basic "cyber hygiene" principles like keeping programs up to date and following best practices when handling data and devices connected to the network "can be improved… and make it harder next time. But that's all you're really doing is making it harder, cost more, with an attacker."

"The onus should be on the individual city, state, government or organization to do as much as they can and not look to the federal government," Carr said, noting the federal government has enough problems securing its own systems. "Leave the federal government out of it."
