After Wannacry, another ransomware EternalRocks found: Researchers

EternalRocks, a new malware, has been identified by the researchers that targets the same vulnerability that wrecked havoc worldwide by ‘WannaCry‘ ransomware, a media report said.

EternalRocks exploits the same vulnerability in Windows that helped WannaCry spread to computers. The malware includes far more threats than WannaCry, making it potentially tougher to fight.

Like the ransomware, also known as WannaCry, EternalRocks uses an NSA tool EternalBlue to spread itself from one computer to the next through Windows. But it also uses six other NSA tools, with names like EternalChampion, EternalRomance, and DoublePulsar (which is also part of WannaCry), according to the Fortune reported.

Currently, EternalRocks does not have any malicious elements as it does not lock or corrupt files, or use compromised machines to build a botnet. But that’s not particularly reassuring, because EternalBlue leaves infected computers vulnerable to remote commands that could ‘weaponize’ the infection at any time.

WannaCry, has hit over 150 countries, including India and USA and affected over 240,000 machines, primarily those running unpatched versions of Windows 7. WannaCry encrypts files and demands payment for unlocking them or to decrypt those files as it uses the combination of some primary and public keys.

Accroding to the researchers, EternalRocks is stronger than WannaCry because it does not have any weaknesses, including the kill switch that a researcher used to help contain the ransomware.

EternalBlue also uses a 24-hour activation delay to try to frustrate efforts to study it, the report noted.

According to the researchers who found EthernalRocks, EthernalRocks has not spread very far yet, but it just a wave of new malware based on NSA-authoredexploits. The consequences have already been serious, and they could get worse.

The last 10 days have seen a wave of cyber attacks that have rendered companies helpless around the globe.
First it was WannaCry that spread by taking advantage of a Windows vulnerability that Microsoft released a security patch for in March. It encrypted files on infected machines and demanded payment for unlocking them.
WannaCry had some loopholes that made it easier to slow and circumvent.

Over 48,000 attempts of ransomware attacks were detected in India. With 60 per cent of the attempts targeted enterprises, while 40 per cent were on individual customers, a cyber security firm, Quick Heal Technologies had said.



Shashank Tiwari

Shashank Tiwari is a writer from India and the Tech Explained editor. In his free time he dabbles in fiction, photography, and game development.

Notify of
Inline Feedbacks
View all comments