Ransomware Stems From Governments, But Bitcoin Gets The Blame

Ransomware Stems From Governments, But Bitcoin Gets The Blame

When hackers paralyzed the city of Baltimore with a ransomware attack last month, the focus became not the theft itself, but a $76,000 Bitcoin ransom.

NSA Passes Ransomware Buck

According to a recent report from The New York Times, a ransomware attack in Baltimore, Maryland in May was empowered by the use of a stolen National Security Agency (NSA) cyberweapon.

In a previously published article, the Times had reported that the cyberweapon, EternalBlue, came to light after discovery by each of the four contractors hired to investigate the attack and fix the citys network.

The weapon was possibly stolen and redistributed in 2017 by a group called the Shadow Brokers, but the NSA refused to comment on the incident or existence of the cyberweapon.

EternalBlue featured in attacks by North Korea and Russia in 2017 and the tool has caused billions of dollars worth of damage to various governments and corporations.

Maryland Congressman Dutch Ruppersberger also issued a statement informing the media that he had been briefed by senior leaders from the NSA and according to Ruppersberger, the NSA said that there was no evidence at this time that EternalBlue played a role in the ransomware attack affecting Baltimore City.

BTC Payment Rejected

The investigators speaking with the Times demanded that they remain anonymous and they are still working to piece together the exact chronology of the ransomware attack. The most popular explanation is that hackers breached an open server in Baltimores network then proceeded to install a back door.

EternalBlue might have been used to travel across Baltimores computers and a separate software tool called Web Shell could have acted alongside it.

The hackers demanded that the city pay the $76,000 ransom in Bitcoin 00 but Major Bernard C. Young refused to pay. While this may have been a smart move, the city now estimates that the cost of the ransomware attack totals more than $18 million due to lost revenue and the cost of recovery efforts.

According to investigators, a popular hacking technique called pass-the-hash helped spread the ransomware and lately EternalBlue has acted as a tool to launch attacks against local and municipal governments in the United States. These places tend to use older equipment, the theory goes, which has not followed suggested software updates.

In 2017 Microsoft released a Windows update which would have protected Baltimores computers against EternalBlue but it appears that the update was not installed.

Blame it on Bitcoin

Interestingly, media coverage of the ransomware attack focused primarily on Bitcoin being the method of payment the attackers wanted and the oft-used narrative of Bitcoin and cryptocurrency being primarily used by terrorist groups, drug dealers and online dark markets once again emerged.

Oddly enough, Bitcoin frequently becomes such a focal point and scapegoat, taking the blame for ransomware and other attacks.

A report in April concluded BTC made up 98 percent of all crypto-denominated ransomware payments, with privacy-focused coins such as Monero accounting for a comparatively tiny share.

In this case, however, surely the true culprit is Americas ageing technology infrastructure and a lack of proper cybersecurity training for local government employees.

Who should be blamed in this situation? Bitcoin or the city of Baltimore? Share your thoughts in the comments below!

Images via Shutterstock, Coveware.com

The post Ransomware Stems From Governments, But Bitcoin Gets The Blame appeared first on Bitcoinist.com.

09.06.2019 / 09:30 70
Chinese Government Officials Targeted With Ransomware, North Korea Suspected Chinese Government Officials Targeted
A statement issued by the Peoples Government of Yiling District, Yichang has revealed that Chinese officials have been the target of a ransomware
Ryuk Ransomware Targets Businesses with Bitcoin Demands, Links to North Korea? Ryuk Ransomware Targets Businesses with
A new, highly targeted ransomware attack has been affecting large businesses. The Ryuk operation demands that victims make large Bitcoin payments for
Cybercriminals Are Moving from Ransomware to Cryptojacking: Kaspersky Lab Cybercriminals Are Moving from
According to a report published by Kaspersky Lab, a global cybersecurity company, there has been a significant shift from ransomware-related attacks
School District Forced to Pay $10,000 in Bitcoin Ransomware Attack School District Forced to Pay $10,000
The Leominster Public Schools District has become the latest victim of a Bitcoin ransomware cyberattack. The school district was forced to pay
Bitcoin Ransomware Attack Halts Major American Citys Government and Police Bitcoin Ransomware Attack Halts Major
[b]Many government services in Atlanta, Georgia, a major metropolitan US city, were brought to a halt this week. Ransomware appeared on municipal
Hackers Hit Atlanta with Ransomware Attack Hackers Hit Atlanta with Ransomware
Atlanta is the latest local government to have its computer system attacked by hackers. The criminals are demanding $51,000 in Bitcoin to remove
Comments (0)
Add a comment
Comment on