Pagoda Blog

The city of Baltimore was recently the target of a ransomware attack that paralyzed government services and is costing the city thousands of dollars. You’ve probably read about this attack in the news and perhaps even fretted a bit that a similar attack could be carried out on your own city government. After all, city governments notoriously have outdated computer networks and limited funding for cybersecurity, putting them at risk. But what about your business? The software used to launch this recent attack has also been used to target private corporations and is popping up as the culprit of attacks every day. Here’s what you need to know about why Baltimore fell victim to ransomware and how to ensure your business doesn’t become the next target.

 

When NSA Software Falls into the Wrong Hands

The first thing you need to know about the Baltimore attack is that the ransomware weapon, EternalBlue, was developed by the NSA to exploit flaws in outdated Microsoft systems. The NSA used EternalBlue for counterterrorism missions and to gather critical intelligence for the agency. Leaked to the public in April of 2017, it has since been used worldwide in cyberattacks by malicious hackers, shutting down everything from hospitals and shipping operations to airports and A.T.Ms. EternalBlue is, in fact, the same weapon used in the famous WannaCry attack in Britain. After an extensive world tour, the NSA exploitation tool is now unfortunately being used to target local U.S. governments.

 

How EternalBlue Crippled Baltimore’s City Government

Here’s how EternalBlue works: The software exploits a flaw in Windows’ operating systems, especially those versions prior to Windows 8. (It’s important to note, however, that Windows 10 can still be vulnerable if you haven’t downloaded the latest security update.) Older versions of Windows are particularly vulnerable because tech companies like Microsoft typically focus their updates and security patches on their newest operating systems—Windows 10 in this case.

 

When companies become aware, however, of a fatal flaw in older operating systems still widely in use, they quickly issue a security patch in an effort to prevent an attack. The NSA, for example, was aware of the breach in EternalBlue before it was used against hundreds of thousands of computers worldwide. They reached out to Microsoft and other tech companies to create a patch, and the patch was released shortly before the large-scale WannaCry attack. Unfortunately, not everyone downloaded the security update so thousands of computers were left vulnerable, allowing the virus to spread to over 200,000 computers. This is a perfect example of why it’s always important to update your operating system when prompted.

 

EternalBlue gained access to the city’s network by sending phishing emails to city employees. With a phishing email, the attacker only needs one person to click a malicious link in order to gain access to their computer and through it, the entire network. Baltimore’s city government was using outdated software and operating systems, allowing EternalBlue to gain access to their entire system through one of these phishing emails. Once they gained access, EternalBlue shut down the local government by effectively freezing thousands of city employees’ computers. A digital ransom note flashed across every screen, demanding payment in the form of bitcoin in exchange for the city’s now encrypted files.

 

The attack has affected thousands of computers, impacting government services including property taxes, pending home sales, water bills, and health alerts. If the city doesn’t pay the ransom, it could take months before their network is back online.

 

How to Ensure Your Network is Protected from EternalBlue

If you use Windows, it’s important to take several steps to help protect your network from the threat of EternalBlue.

Update Your Operating System

First, you can see if your version of Windows is vulnerable by using this free tool by Eset. If the tool determines your system is vulnerable, you will need to update your operating system. A good rule of thumb is if you’re not using Windows 10, it’s time to update.

 

(Don’t worry—we have a post all about leveraging Windows 10 features to make the transition as smooth as possible and optimize your workflow.)

 

For those of you still using Windows 7, Microsoft is ending support for this version by January 2020. Here at Pagoda we are actively working to migrate all our clients off this operating system by then, in addition to encouraging businesses to retire Internet Explorer as their default web browser.

 

Train Your Team in Cybersecurity  

It’s also equally important to provide cybersecurity training to your entire team. As mentioned above, EternalBlue is typically spread by phishing emails which rely on an uninformed employee to click a link or open an attachment from an unknown sender. An effective cybersecurity training, like KnowBe4 which we use for our clients, teaches employees how to recognize suspicious emails and websites and what steps to take if they receive a phishing email. This allows your employees to become the first line of defense for your company.  

 

Add Extra Layers of Security

Lastly, take the time to implement additional security measures throughout your business. There are simple steps you can take, such as establishing a BYOD policy at the office, requiring two-factor authentication, and storing passwords in a secure password manager rather than your browser. We also, of course, recommend hiring a Managed Service Provider to ensure proper implementation of the most effective security measures and to provide ongoing IT maintenance and monitoring for your business.  

 

Related posts:

 

5 Virus Protection Tips Beyond Security Software

Which is the Most Secure Browser?

What To Do If You Receive Blackmail in Your Inbox

 

Want to get more posts like these once a month in your inbox? Sign up for the Pagoda newsletter and sharpen your technical skills, from cybersecurity to digital marketing.

 

 

Want IT to serve you better?

 

 

 

––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

About Pagoda Technologies IT services

Based in Santa Cruz, California, Pagoda Technologies provides trusted IT support to businesses and IT departments throughout Silicon Valley, the San Francisco Bay Area and across the globe. To learn how Pagoda Technologies can help your business, email us at support@pagoda-tech.com to schedule a complimentary IT consultation.