Listen and Learn More About the Baltimore Ransomware Attack

Author: ISACA
Date Published: 24 July 2019

A ransomware attack leveraging an unpatched vulnerability affected several government services in Baltimore (Maryland, USA). In the recent Cyber Pros Exchange episode of the ISACA Podcast, Frank Downs and Dustin Brewer, 2 of ISACA’s in-house security experts, discuss how this ransomware attack occurred, the services it affected and lessons learned from this attack.

Both Downs and Brewer note that enterprises today need to patch against the EternalBlue exploit, which targets the vulnerability that caused this attack. This is the same exploit that was used as part of the WannaCry ransomware attack and the NotPetya cyberattack in 2017. If an enterprise cannot patch due to the use of legacy systems, it should consult freely available frameworks such as the US National Institute of Standards and Technology (NIST) Cybersecurity Framework for how best to mitigate this issue. Patching today means taking the time to respond to and learn from previous attacks, including the one in Baltimore, to avoid making the same mistakes. Downs and Brewer note that in situations like these, it is important to focus on how to better the organization to avoid a similar fate rather than playing the blame game.

The Examining the Baltimore Ransomware Attack ISACA Podcast episode, along with dozens of other podcast episodes, is available on the ISACA Podcast page of the ISACA website and can be streamed or downloaded from Apple Podcasts, Google Play, Stitcher or SoundCloud.