Ransomware attacks in US cities are using a stolen NSA tool

Reading Time: < 1 minute

The ransomware attacks in Baltimore and other US cities appear to have a common thread: they’re using NSA tools on the agency’s home soil. In-the-know security experts talking to the New York Times said the malware in the cyberattacks is using the NSA’s stolen EternalBlue as a “key component,” much like WannaCry and NotPetya. While the full list of affected cities isn’t available, San Antonio and the Pennsylvania city of Allentown have reportedly been victims of EternalBlue-based campaigns.

Microsoft has issued fixes for affected Windows version after the NSA disclosed the long-secret vulnerabilities. However, these attacks frequently succeed due to fragmented local governments that tend to be cautious about upgrades. In addition to using a mishmash of software and configurations that complicates updates, cities may be hesitant to patch or upgrade their software due to compatibility concerns and tight budgets.