The mayor and city council president of Baltimore are pushing for the ransomware attack that brought Baltimore’s city government to a standstill to be designated a disaster, and officials are seeking federal aid to help pay for the cleanup from the RobbinHood malware’s damage. This call came after a New York Times report that the ransomware used the EternalBlue exploit developed by the National Security Agency to spread across the city’s network.
EternalBlue was part of a set of tools developed for the NSA’s Tailored Access Operations (TAO) group that were leaked by Shadow Brokers in 2017. The tool was then used two months later as part of WannaCry, the destructive cryptographic worm that affected thousands of computers worldwide. Shadow Brokers has been linked by some security experts to a Russian intelligence agency; WannaCry has been attributed to North Korea’s military.
After being alerted by the NSA. Microsoft issued a security patch for the vulnerability exploited by EternalBlue (among others) in March of 2017, even issuing patches for Windows Vista (which was at the time just about to be dropped from long-term paid support) and Windows XP (which had already dropped out of support).