Ransomware attacks in US cities are using a stolen NSA tool – Engadget

Sponsored Links

REUTERS/Stephanie Keith

The ransomware attacks in Baltimore and other US cities appear to have a common thread: they’re using NSA tools on the agency’s home soil. In-the-know security experts talking to the New York Times said the malware in the cyberattacks is using the NSA’s stolen EternalBlue as a “key component,” much like WannaCry and NotPetya. While the full list of affected cities isn’t available, San Antonio and the Pennsylvania city of Allentown have reportedly been victims of EternalBlue-based campaigns.

Microsoft has issued fixes for affected Windows version after the NSA disclosed the long-secret vulnerabilities. However, these attacks frequently succeed due to fragmented local governments that tend to be cautious about upgrades. In addition to using a mishmash of software and configurations that complicates updates, cities may be hesitant to patch or upgrade their software due to compatibility concerns and tight budgets.

And unfortunately, the NSA isn’t likely to help. While it helped Microsoft patch the security hole after EternalBlue became public in 2017, it has so far turned down discussion of the flaw and hasn’t even acknowledged that the code loss took place. The NSA and FBI have declined to comment on the new revelations.

Whatever its involvement, incidents like Baltimore’s highlight a problem with the NSA and other intelligence agencies hoarding exploits. The practice only works so long as officials have total control over vulnerabilities and the matching hacking tools. If data for either gets out, they effectively give criminals and foreign spies an advantage over an unprepared public. And when these exploits seldom discriminate between countries, they can cause plenty of damage at home.

Let’s block ads! (Why?)

Source link

Related posts

Whoops: Twitter accidentally exposed protected tweets for some Android users over the last four years – Android Police


She ditched her iPhone. Here's why she didn't mind switching from iOS to Android. – USA TODAY


Virtual Assistants Have Hit a Wall—and It’ll Be Years Before They Reach Full Potential – The Wall Street Journal


Leave a Comment

2 × five =