4 min read

EternalBlue Worm Still Claiming Victims Two Years after WannaCry and NotPetya

Filip Truta

May 29, 2019

EternalBlue Worm Still Claiming Victims Two Years after WannaCry and NotPetya

The government of the US city of Baltimore is seeking federal dollars to recover from a devastating ransomware attack that allegedly leveraged the NSA-developed EternalBlue exploit. 

Baltimore Mayor Bernard Young said at a press conference that he asked the federal government for financial support as the city recovers from the RobinHood ransomware attack it suffered in early May.

"This was a smart virus. Anytime NSA do something they do it well, I just hope that they had the key so we can all get out of this," Young said.

According to a New York Times report, Young was referring to EternalBlue, an exploit developed years ago by the National Security Agency (NSA) that was subsequently stolen and leaked by foreign operatives. The same exploit was used for its wormable capabilities in the massively disruptive WannaCry and NotPetya attacks in 2017.

The AFP, however, cites a security expert as saying that EternalBlue was not used in the RobinHood attack. Meanwhile, sources close to Ars Technica tell the publication that “the ransomware was spread across the network—at least in part by using code cut-and-pasted from the EternalBlue tool leaked by ShadowBrokers.”

The sources also said RobinHood arrived via a phishing attack against an unwary city employee, underscoring for the millionth time the importance of staff training in cybersecurity matters.

Baltimore’s current CIO and Chief Digital Officer, Frank Johnson, had reportedly earlier enlisted Gartner Research to help develop a five-year plan to bring Baltimore's IT infrastructure up to speed. The plan remains “largely unimplemented,” Ars reported.

"Decades of decentralized information technology (IT) management and insufficient enterprise investment has led to a system that struggles to support city priorities and deliver service improvements for both residents and businesses,” Johnson said. “Furthermore, many of the city’s IT capabilities are outdated and lack the modern-day range of capabilities offered by comparable cities.”

Baltimore’s Office of Information Technology estimates the city would have to raise its IT spending to "the $128 million to $156 million range" to combat future cyber threats. Baltimore's 2018 budget only allocated 2.5% ($65 million) of the city’s total budget for information technology operations. In 2019, that figure is even lower: $31 million.

Young insisted the federal government is responsible for covering some of these costs, blaming the NSA for EternalBlue’s existence.

Following the WannaCry and NotPetya attacks in 2017, Microsoft issued patches for the vulnerabilities exploited by EternalBlue. Two years after those attacks, the EternalBlue worm is still in use across more than 1 million Internet-connected computers globally, according to the Shodan search engine.



Filip Truta

Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.

View all posts

You might also like