By SecureWorld News Team
Tue | Jun 4, 2019 | 12:35 PM PDT

It seems like nearly everyone in cybersecurity heard the story.

The story goes that EternalBlue, the NSA-created exploit, was used in the devastating ransomware attack against the City of Baltimore.

But is that story turning out to be fake news?

As Krebs On Security revealed, the Robbinhood ransomware strain holding the city hostage is not powered by the EternalBlue hacking tool:

According to Joe Stewart, a seasoned malware analyst now consulting with security firm Armor, the malicious software used in the Baltimore attack does not contain any Eternal Blue exploit code. Stewart said he obtained a sample of the malware that he was able to confirm was connected to the Baltimore incident.

“We took a look at it and found a pretty vanilla ransomware binary,” Stewart said. “It doesn’t even have any means of spreading across networks on its own.”

Stewart said while it’s still possible that the Eternal Blue exploit was somehow used to propagate the Robbinhood ransomware, it’s not terribly likely.
