The NSA is denying any responsibility—however indirect—for a ransomware attack that has crippled the city of Baltimore, a lawmaker tells the New York Times. Rep. C.A. Dutch Ruppersberger, a Maryland Democrat, says NSA leaders told him that agency software wasn't involved in the strike that has locked up city computers for nearly a month. "I'm told it was not used to gain access nor to propagate further activity within the network," says Ruppersberger. That contradicts a Times report that EternalBlue, which was stolen from the NSA in 2016, was used in the attack. How the NSA knew about results of the Baltimore investigation is unclear.
Ruppersberger made the remark as Baltimore is planning to seek federal dollars to pay at least some of the city's estimated $18.2 million cost in the attack, per the Baltimore Sun. Meanwhile, the city, the NSA, and the FBI (which is also investigating) aren't commenting on EternalBlue's possible involvement. The NSA has also kept quiet about whether EternalBlue was used in attacks against other US cities as well as factories, airports, hospitals, ATMs, and other targets. (So far, this is what Baltimore is telling the hackers.)