Ruppersberger: Stolen NSA Tool Had Nothing To Do With Baltimore Ransomware Attack

Rep. C.A. Dutch Rupperberger said Friday that leaders of the National Security Agency told him the leaked tool EternalBlue played no role in the ransomware attack on Baltimore City computers.

"I’m told it was not used to gain access nor to propagate further activity within the network," Ruppersberger said in a statement. "It is important that discussions regarding the use of government cyber tools, and subsequent leaks, be rooted in facts as they become available."

The ransomware attack has left city computers crippled for more than three weeks.

EternalBlue is an exploit developed by the NSA that was leaked in April of 2017 and used in a worldwide ransomware attack a month later. Microsoft patched vulnerable Windows systems after the NSA alerted them to the theft the month before the tool was leaked.

"Now, our focus now should be on Baltimore’s recovery. It is my understanding that the FBI is leading an ongoing investigation and I look forward to hearing deeper analysis from them when they conclude," Ruppersberger said. "It’s easy to suggest that leaked cyber tools are worthless with proper patches and good cyber hygiene. But the reality is that patching can be hard and requires resources that many municipalities don’t have. I believe the federal government needs to do more to help municipalities better protect their networks."

He said much the same to C4 on Thursday, saying public-sector networks are an attractive target to those who wish to do harm.

On Friday, Ruppersberger said the U.S. needs to better protect its digital tools from leaking out and becoming weapons. He said other tools stolen in 2017 remain unused.

The NSA will brief Ruppersberger and other members of Maryland's congressional delegation on Monday, for what his office indicated will be a more in-depth discussion.