A previously leaked cyberweapon created by the National Security Agency has been confirmed as the source for Baltimore's ransomware attack, according to The New York Times.
Baltimore has been locked out of thousands of computers for nearly three weeks. The May 7 ransomware attack left city officials unable to access email accounts and other networks that provide health alerts and other systems.
A key component of the ransomware attack, EternalBlue, was developed by the NSA and leaked in 2017 by an unidentified group known as the Shadow Brokers. EternalBlue was one of the most useful exploits in the NSA's cyberarsenal, NYT reports.
NSA found a flaw in Microsoft's software and wrote a code to target the vulnerability. It was originally named EternalBluescreen because the malware would crash computers. However, NSA went on to use the tool for intelligence gathering and counterterrorism missions.
EternalBlue was kept a secret from Microsoft for more than five years until it was leaked, forcing the NSA to alert Microsoft of the flaw in its software. Since being leaked, the malware has been used around the world to exploit money from towns and cities.
Hackers are demanding $100,000 in Bitcoin from Baltimore city officials to receive decryption codes, NYT reports. Baltimore has refused to pay the ransom.
Experts say that without EternalBlue the damage would not have been so widespread. EternalBlue allows hackers to exploit vulnerabilities in unpatched software and then spread malware faster and farther than other malware.
Once alerted by the NSA of EternalBlue, Microsoft did release a patch for the flaw. However, thousands of computers remain unprotected, according to NYT.
More articles on cybersecurity:
Oregon State Hospital alerts patients of phishing attack
Memorial Hermann employee 'improperly' used patients' credit card info
First cybercrime hotline unveiled in Rhode Island