NSA software used by hackers

The city of Baltimore is the target of a significant attack that affects many administrative services. Behind, hides ransomware that targets poorly protected computers and claims $ 100,000 to stop the attack. His particularity? It is based on a tool developed by the NSA.

The city of Baltimore in the United States is currently dealing with particularly severe ransomware. The attack locked the critical systems of the city, demanding the payment of a ransom of $ 100,000 in Bitcoin. The virus affects real estate sales, amount of water bills, the city’s e-mail service, and many other services.

If the attack comes from a group of hackers, the virus is based on a tool developed by the NSA, the US National Security Agency. This tool is called “EternalBlue” and allows you to execute remote commands on all Microsoft Windows systems that are out of date, from Windows XP to Windows 10.

A fix available for two years

This is not the first time that EternalBlue has been used for malicious purposes. A group of hackers named  The Shadow Brokers had published it in April 2017, and it was used in attacks by government groups based in North Korea, Russia, and China, as with WannaCry in May 2017 or NoPetya in June 2017. The FBI has still not determined whether spies have stolen EternalBlue, or whether it is an internal leak.

Microsoft had made a fix the day after EternalBlue leaked, but the city of Baltimore did not apply the update on all of its computers. It is not the only one, as security experts have reported a new spike in activity, with attacks targeting cities from Pennsylvania to Texas.