
Published on June 3rd, 2019


Baltimore hackers taunt mayor, EternalBlue not used in attack



The hackers purportedly behind the Baltimore ransomware attack may be trying to increase the pressure on the city to pay up: they have tweeted out some possibly sensitive information. Separately, researchers have determined that the NSA hacking tool EternalBlue was not used in this attack.

Eric Sifford, security researcher with Armor’s Threat Resistance Unit, and Joe Stewart, an independent security consultant working with Armor, said there are no elements of the EternalBlue exploit in the Robbinhood ransomware code used against Baltimore. The two also analyzed several documents tweeted out by the attackers and found they do belong to Baltimore and could have been removed from its system.

“One of the documents indicates that it has been scanned/copied on May 4, 2019 and pertains to a June 2018 court case where the mayor and City Council of Baltimore City are being sued by an individual. The other document appears to have been copied/scanned on April 23, 2019 and pertains to a worker’s comp medical file which went to the City of Baltimore,” Sifford wrote.

Baltimore’s networks were locked up by the ransomware attack on May 7, which could mean the malicious actors were in the city’s network well before triggering the encryption.

These tweets convinced Sifford and Stewart that the person or persons behind them are responsible for the attack. In addition to showing confidential information, the attacker also tweeted insults at Baltimore Mayor Jack Young.





A screengrab of one of the tweets from Armor.

Baltimore officials estimated at a city budget meeting on May 29 that the attack could cost the city $18.2 million. About $4.7 million has already been spent. The Baltimore Sun obtained a copy of the ransom note which contained an a la carte demand list asking for 3 bitcoins, about $17,600, to decrypt individual systems or 13 bitcoins, about $76,000, to decrypt all the city’s systems.

“It is clearly an effort by the hacker(s) to prove they can decrypt the city’s files. This might be an opportunity for the Mayor and Baltimore’s incident responders to determine if the threat actors truly have the capabilities to unlock their data. As a cybersecurity expert, I generally recommend against paying a ransom; however, each case is unique in its totality, and I understand sometimes an organization’s leadership may decide their best option is to pay,” Sifford and Stewart said in a blog.
