The story of an American city held hostage by ransomeware hasn’t been getting the attention it deserves, maybe because the victim is Baltimore, a poor city with a disgraced mayor and few national elites. Or maybe the story is not getting attention because the responsible party, the National Security Agency isn’t comment. NSA hackers created the ransomware but failed to secure it. The hackers got hacked, and now Baltimore’s city services are held hostage.
The government’s avoidance of accountability makes the story even bigger. The tools and techniques that U.S. spy agencies use against America’s enemies are being used against Americans.
From The New York Times:
Since 2017, when the N.S.A. lost control of the tool, EternalBlue, it has been picked up by state hackers in North Korea, Russia and, more recently, China, to cut a path of destruction around the world, leaving billions of dollars in damage. But over the past year, the cyberweapon has boomeranged back and is now showing up in the N.S.A.’s own backyard.
Baltimore was hit earlier this month disrupting real estate sales, water bills, health alerts and many other services.
The Baltimore attack, on May 7, was a classic ransomware assault. City workers’ screens suddenly locked, and a message in flawed English demanded about $100,000 in Bitcoin to free their files: “We’ve watching you for days,” said the message, obtained by The Baltimore Sun. “We won’t talk more, all we know is MONEY! Hurry up!”
Allentown, Pennsylvania, and San Antonio, Texas have also been hit. Last July, the Department of Homeland Security issued a dire warning that state and local governments were getting hit by particularly destructive malware that now, security researchers say, has started relying on EternalBlue to spread.
City Council president Brandon Ford is calling for an emergency disaster declaration, to no effect. An American city is calling for help and our national security agencies are silent.