Ransomware Created by NSA Causing Havoc Throughout the World
When it comes to computer security, one would think that the National Security Agency (NSA) has more secure infrastructure than any other organization throughout the country, if not the world, and would also be the most diligent about protecting its information systems.
However, numerous recent ransomware attacks on local governments within the United States, which have frozen government computers, affected real estate sales, and impacted water billing and other services, are now being blamed on the NSA. The reason is that a component of the ransomware, known as EternalBlue, was originally developed by the NSA, according to an article published in the New York Times.
EternalBlue was initially meant to serve as a reliable virus tool for intelligence gathering and counterterrorism for the NSA; however, in 2017 a group called Shadow Brokers leaked the tool online, which led to hackers getting hold of it. Numerous other entities have been attacked with EternalBlue as well, including hospitals, airports, railroad and shipping operators, ATMs, and factories. This has resulted in lost revenue for cities and businesses that have been hit by the ransomware attacks.
EternalBlue causes what is known in the computer world as the “blue screen of death” to display on computer monitors, and in a recent EternalBlue attack on the Baltimore city government computer system, the hackers asked for 13 Bitcoins or $100,000 to unfreeze the government computers. Because of the involvement by the NSA, city officials in Baltimore are requesting federal disaster relief funds to help restore its systems and recover from the incident.
The NSA initially developed EternalBlue in 2016 to address a flaw in Microsoft’s Server Message Block (SMB) protocol. However, the NSA waited five years to notify Microsoft about the vulnerabilities in its software, and only did so when a breach occurred. After learning about the possible theft of EternalBlue, the NSA warned Microsoft of the potential breach, and Microsoft responded by issuing a software patch in March 2017.
Hackers in other countries, including Russia, North Korea, and China, have also utilized EternalBlue to cause damage to information systems throughout the world, which has had a huge financial impact on numerous entities.
While both the NSA and the Federal Bureau of Investigation (FBI) have been investigating the matter, neither has said whether the Shadow Brokers are foreign spies or possibly a group of disgruntled insiders.
Organizations can help prevent ransomware attacks on their systems by installing software updates when they are released by software manufacturers. These software updates often contain critical patches for security holes that might occur in their products. However, many organizations choose not to take the time to install software updates because they do not consider them very important.
Technical Framework provides services to assist organizations with preventing cyber attacks and developing business continuity plans. These services include ethical hacking, assessment of your organization, risk intelligence, firewall management, and data leak prevention. Please contact us to learn more about our free consultations.