Ten days after the WannaCry attack, which spread across more than 150 countries and sent companies and organizations around the globe into panic mode, another piece of malware has appeared that is reportedly scarier than WannaCry and much more difficult to handle: meet EternalRocks.
EternalRocks, the newly discovered malware, targets the same vulnerability that the WannaCry ransomware targets. As widely reported, WannaCry spreads via EternalBlue, a recently leaked Microsoft Windows exploit. It was the Shadow Brokers group that had exposed this Windows vulnerability. EternalRocks also uses the very same Windows vulnerability, EternalBlue, to spread from one computer to another. What is new is that it uses six other NSA tools in addition to EternalBlue. These NSA tools include EternalRomance, EternalChampion and DoublePulsar.
Though EternalRocks uses the same Windows exploit to spread, security experts and analysts state that it is definitely stronger and potentially tougher to fight than WannaCry. They point out that this new malware does not have any of the weaknesses that WannaCry had, including the kill switch that was used to contain its spread.
According to reports, EternalRocks, in its current form, does not have any malicious elements. It would not lock or corrupt files. It would not use infected machines to build a botnet. The issue is that EternalBlue would leave infected computers vulnerable to remote commands, which could ‘weaponise’ the infection at any time.
As already explained, EternalRocks works almost like WannaCry but doesn’t have the kill switch that a young researcher had used to help contain and kill WannaCry. That is not all that makes EternalRocks more difficult and scarier. It also uses a 24-hour activation delay, which attempts to frustrate all efforts to study it. We don’t have authentic reports that say that EternalRocks has spread fast or that it has caused very serious damage. But researchers do point out that this malware could cause serious issues; they warn that once it starts causing mischief, it won’t be easy to combat.
The last ten days have seen a sudden spike in ransomware strikes. Ransomware attacks have been going on for quite some time, but the WannaCry outbreak took them to a different level. It became a global phenomenon, triggering something of a panic even among the public. Having affected over 200,000 machines in over 150 countries, WannaCry (also known as WanaCrypt0r, WannaCrypt, or Wana Decrypt0r) managed to cause an unprecedented virus scare. Big organizations like the NHS (National Health Service) in the United Kingdom, leading companies like FedEx in the US and telco giant Telefonica in Spain were hit. Access to systems and networks was blocked, and users and administrators were asked for a ransom to have decrypted all the files that the ransomware had encrypted, overwritten and blocked. Following this came the Adylkuzz attacks, which quietly started generating digital cash or ‘Monero’ cryptocurrency from the machines they infected. Now come reports about the rather scary EternalRocks.
Ashraf is a Technical Blog Writer from Comodo. He writes about information security, focusing on web security, operating system and endpoint security.