EternalBlue: triggering ransomware attack on an entire city

A ransomware attack has terrorized the entire city of Baltimore. According to The Baltimore Sun, the ransomware has been identified as RobbinHood. It has attacked every system in the city of Baltimore since 7th May 2019. The attackers have demanded a ransom of 3 Bitcoins per system, or 13 Bitcoins to restore every system in the city. All the systems are shut down, putting day-to-day activities such as email service and payment of bills on halt. The credit for this attack goes to the tool called ‘EternalBlue’, which was created by the National Security Agency.

The city has been surviving on manual processing of transactions and on a Gmail system set up for city workers.

What is EternalBlue?

EternalBlue is an exploit developed by the U.S. National Security Agency. First leaked in April 2017, the tool was used in the ‘WannaCry’ ransomware attack, which has been identified as one of the most devastating ransomware attacks in the entire history of cyber-attacks.

EternalRocks, or MicroBotMassiveNet, is a worm that uses seven exploits and is known to infect Microsoft Windows. Once this tool installs the private network Tor to conceal its internet activity, the server then responds to the malware's request, leading to download and self-replication on the ‘host’ machine. The tool exploits vulnerabilities present in unpatched software, which allows faster deployment and circulation of malware.

According to an anonymous source, it took almost a year to discover the flaw in Microsoft’s software. Used in countless counter-terrorism missions and intelligence gathering, EternalRocks was first known as EternalBluescreen since it initially crashed computers.

How impactful is EternalBlue?

EternalBlue first came into the limelight when it propagated the WannaCry ransomware attack on millions of people worldwide. Another ransomware attack, infamously named BadRabbit, infected millions of machines using EternalBlue.

How can organizations prevent themselves from becoming the next victim of EternalBlue?

Patching helps in faster recovery: Patches are changes to a computer program or its supporting data that help in improving, updating and fixing the program.

Regular testing helps: Ensure periodic testing, including system and server penetration testing, to prevent the exploitation of vulnerabilities that might be lying undetected.

Limited use of Server Message Block: Attackers can easily exploit a zero-day vulnerability present in the protocol; therefore, it is important to ensure that the SMB protocol is used only when needed.

Proactive cyber security measures: Incorporating cyber security measures helps protect the system infrastructure against various cyber-attacks. One such measure is behavioural detection, which helps in preventing, detecting and responding to cyber-threats.

Artificial Intelligence: Artificial Intelligence is a very effective technology that can detect modern threats. Machine learning in combination with behavioural analytics multiplies the detection ability of the system.
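
The ‘Limited use of Server Message Block’ advice above can be checked against network flow records. The following is an added example, not part of the original article: it flags hosts accepting SMB that are not on an approved list, SMB arriving from outside the network, and sources contacting many SMB targets. The flow-log format, address range, allowlist and threshold are assumptions, and the sample records are constructed.

```python
import csv
import io
import ipaddress
from collections import defaultdict

SMB_PORTS = {139, 445}                             # NetBIOS session service and SMB over TCP
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range
APPROVED_SMB_SERVERS = {"10.0.5.10", "10.0.5.11"}  # assumed allowlist of file servers
FANOUT_THRESHOLD = 3                               # assumed: distinct SMB targets per source

# Constructed flow records (not real data): src,dst,dst_port,action
SAMPLE_FLOWS = """\
src,dst,dst_port,action
10.0.1.20,10.0.5.10,445,ALLOW
10.0.1.21,10.0.2.30,445,ALLOW
10.0.1.21,10.0.2.31,445,ALLOW
10.0.1.21,10.0.2.32,445,DENY
203.0.113.7,10.0.5.11,445,ALLOW
10.0.1.22,10.0.2.30,443,ALLOW
10.0.1.23,10.0.2.40,139,ALLOW
"""

def audit_smb_flows(flow_csv, approved=APPROVED_SMB_SERVERS):
    """Return findings for SMB traffic that falls outside 'used only when needed'."""
    unapproved = set()           # hosts accepting SMB without being on the allowlist
    external = set()             # (src, dst) pairs where SMB arrives from outside
    targets = defaultdict(set)   # src -> distinct SMB destinations attempted
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if int(row["dst_port"]) not in SMB_PORTS:
            continue
        targets[row["src"]].add(row["dst"])   # denied attempts still count as fan-out
        if row["action"] != "ALLOW":
            continue
        if row["dst"] not in approved:
            unapproved.add(row["dst"])
        if ipaddress.ip_address(row["src"]) not in INTERNAL_NET:
            external.add((row["src"], row["dst"]))
    fanout = {s: len(d) for s, d in targets.items() if len(d) >= FANOUT_THRESHOLD}
    return {"unapproved_servers": sorted(unapproved),
            "external_smb": sorted(external),
            "fanout_sources": fanout}

if __name__ == "__main__":
    for name, value in audit_smb_flows(SAMPLE_FLOWS).items():
        print(f"{name}: {value}")
```

Hosts listed under `unapproved_servers` are candidates for having SMB disabled or blocked at the firewall; `fanout_sources` is a simple behavioural signal for a machine reaching out to many SMB targets.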
