New EternalRocks malware is “WannaCry version 2.0”

A new form of malware which uses the NSA’s leaked hacking tools has been discovered, as reported by CNET[1]. The malware is called EternalRocks, and uses seven exploits leaked in April by the Shadow Brokers. The Shadow Brokers obtained the exploits after they reportedly hacked the NSA, and their posting led to the creation of the WannaCry ransomware[2].

While EternalRocks uses seven of the leaked exploits, WannaCry only used two. According to the report, Miroslav Stampar, a cybersecurity expert for Croatia’s CERT, discovered EternalRocks last week and tracked the first attacks to 3 May. EternalRocks uses the following tools leaked by the Shadow Brokers:

  • EternalBlue
  • DoublePulsar
  • EternalChampion
  • EternalRomance
  • EternalSynergy
  • ArchiTouch
  • SMBTouch

“The majority of the tools exploit vulnerabilities with standard file sharing technology used by PCs called Microsoft Windows Server Message Block, which is how WannaCry spread so quickly,” stated CNET.

Microsoft patched the vulnerabilities in March, but many PCs remain at risk because users have not updated their OS. Unlike WannaCry, EternalRocks has not alerted victims to a ransomware infection: it remains hidden, downloads Tor, and sends a signal to the worm’s servers. The server then responds, and the malware starts downloading and self-replicating.

The report warned that EternalRocks can be “weaponised at any time”, and its ultimate attack is not known at this stage.

