Baltimore ransomware attack due to Microsoft Win XP and Vista operating systems

[steven36]

An official update released by Baltimore city officials’ states that the ransomware attack which took place on May 2019 on the city’s database was due to the fact that most of the systems were operating on obsolete operating systems such as Windows XP and Windows Vista which are “extinct” as per the Windows Security Update center.

 

 

Since the hackers who launched the attack used NSA discovered EternalBlue flaw to exploit the vulnerabilities in the XP and Vista systems the damage is said to have gone beyond their expectations.

 

As the recovery estimate is said to go beyond $19 million, last week Baltimore city officials agreed to transfer $6 million funds meant to develop parks and public facilities to be used to remediate the costs incurred from the cyber attack.

 

However, the officials state that the allotted fund might prove insufficient as the need to replace hardware and software is going beyond the cost-wise estimation.

 

Furthermore, Baltimore city has decided to purchase cyber insurance at a cost of $830,000 covering all IT infrastructures with $20 million cyber liability coverage.

 

Note 1- When the malware encrypted the database, hackers were demanding a ransom of $76,000 to decrypt files .

Note 2- Nowadays there is speculation going in the media that Insurance companies before taking a cyber insurance policy promise big to cover all digital assets if in case a cyber attack incident strikes a business firm. But when it comes to paying for the liabilities, they always push the victimized firm to bow down to the demands of hackers as paying a ransom is much cheaper when compared to the costs incurred for a cyberattack recovery.

 

Source

[Sylence]

They only have themselves to blame. 

it's not about Windows at all.

using outdated and not supported Linux or Mac OS version can get you hacked too. that's exactly the reason why engineers create security patches.

when the patient doesn't want to take the medicine the doctor provides, it's his/her own fault whatever happens next. 

[steven36]

With EternalBlue you cant be hacked on Linux or Mac its a windows virus so this post is just about windows . Any OS can be  hacked  but Windows virus dont live in Linux .  I post about Linux malware  too when something happens.

[mp68terr]

4 minutes ago, Sylence said:

when the patient doesn't want to take the medicine the doctor provides, it's his/her own fault whatever happens next.

It's not only about 'to want' or 'not to want' to take the medicine/upgrade, it's also about being able to afford it, or not. Many people don't treat themselves simply because they cannot afford the medicine/treatment. Here, buying new hardwares and upgrading the OS would cost a lot if going the m$oft/apple way , on the other hand there is probably no need to change hardwares and it's possible to upgrade the OS for free if going the linux way.

Sure, using vulnerable system makes it easier for hackers, but it's likely not that simple to upgrade for public administrations often lacking budget and time to train the staff.

[steven36]

1 hour ago, mp68terr said:

It's not only about 'to want' or 'not to want' to take the medicine/upgrade, it's also about being able to afford it, or not. Many people don't treat themselves simply because they cannot afford the medicine/treatment. Here, buying new hardwares and upgrading the OS would cost a lot if going the m$oft/apple way , on the other hand there is probably no need to change hardwares and it's possible to upgrade the OS for free if going the linux way.

Sure, using vulnerable system makes it easier for hackers, but it's likely not that simple to upgrade for public administrations often lacking budget and time to train the staff.

The thing was XP was patched https://www.microsoft.com/en-us/download/details.aspx?id=55245

 

Microsoft still patches virus in old OS  just they dont patch against malware .  Microsoft released  updates for EternalBlue months  before  it was exploited  by Blackhats in the wild the NSA gave them the info to patch it .  You could also use a reg hack for XP pos ready updates  tell not long ago. But the fact is millions of people didn't update  there systems  it started  out with Wanacry and Windows 7  and it still being used in new exploits .

 

Microsoft also released a xp  patch for CVE-2019-0708 Critical Remote Code Execution Vulnerability witch is a  wormhole in windows XP/Vista and windows 7

https://www.forbes.com/sites/kateoflahertyuk/2019/05/15/microsoft-issues-urgent-fix-for-windows-in-first-xp-patch-since-wannacry/#25cb6ab331ae

Many people i talk to stop doing updates back when Microsoft try to push Windows 10 on them and  they was vulnerable if they didn't patch for virus , malware dont really matter as much  if you can find and AV  that still work on XP you should be OK I guess?

Viruses have been around for  ages and its  always a hole they find in windows  that's exploited . Before Windows XP  SP2 most virus exploded  Windows XP firewall it was like you had  no firewall it had a big hole in it and that the reason they invented 3rd party firewalls . Windows Firewall didn't become really good tell  Vista. After Vista all you needed was a piggyback program and you had a good firewall. I  use to use 3rd party firewalls on windows but now  i just use Windows 10 firewall control  since 2014 it was called Windows 8 firewall control back then witch is just a piggy back to control windows Firewall.  it stated out as Vista Firewall control it changed names every new version of windows but it works on everything but xp witch have a shitty  built in firewall.  

 

People that were not on the internet in the early 2000s never seen bad virus out breaks . Microsoft  and antivirus  has about killed them all out over the years .  the 1st good antivirus  i ever used was Kaspersky  that really  prevented virus but back then if you was using another AV and a virus got by Kaspersky couldn't remove it  if you installed it after the fact . It only could prevent a virus  but it couldn't delete it so it was reformat city back then if  you got infected.

[b00zer]

I feel bad for this city, so much economic problems with housing and drugs.  That hack has set them back for years.