EternalRocks: If you thought WannaCry was bad, this is worse


EternalRocks, a successor of WannaCry, is expected to be the ultimate cyber-weapon, armed with at least seven cyber tools stolen from the NSA database.

EternalRocks will not have a kill switch and if weaponised, will be many times more destructive compared to WannaCry ransomware.

The warning flag was recently raised by security researcher Miroslav Stampar, a member of the Croatian Government CERT. Stampar contends that EternalRocks uses not only the lethal SMB (Server Message Block) tools EternalBlue, EternalChampion, EternalSynergy and EternalRomance, but also the SMB reconnaissance tools SMBTouch and ArchiTouch, which can keep an eye on affected computers.


Earlier this year, a group of hackers calling themselves the Shadow Brokers released several hacking tools which they obtained from NSA’s servers. While a couple of them were utilised for the WannaCry ransomware attack, the new EternalRocks worm has been crafted out of as many as seven hacking tools. Stampar has decided to appropriately term EternalRocks as ‘DoomsDayWorm.’

According to Bleeping Computer, EternalRocks is now under testing and hasn’t been unleashed yet. However, it will be very convenient for hackers to weaponise the worm with malware, banking trojans or ransomware, which will be hard to contain since the worm, unlike WannaCry, doesn’t come with a kill switch.

“Matter of time when common malware through phishing bad guys will incorporate SMB exploits for synergistic attack. Then, we die,” Stampar tweeted.

EternalRocks will affect computers in two stages. First, it will invade a system, download Tor and connect to a command and control server located inside Tor. After about 24 hours, the server will respond, enabling the worm to replicate itself and attack more computers. This delay will lead researchers to believe that it is not ransomware, just an ordinary infiltration.
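A detection sketch for the two-stage behaviour described above, as an added example that is not part of the original article: it links a first Tor launch on a host to a later burst of outbound SMB connections, and shows why a short correlation window misses a 24-hour delay. The event tuple layout, host names, the `tor.exe` process name, the thresholds and the use of TCP port 445 for SMB are assumptions, and the telemetry is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _build_sample():
    """Constructed telemetry, not real logs: (time, host, event, detail)."""
    t0 = datetime(2017, 5, 20, 9, 0)
    ev = [(t0, "ws-014", "proc_start", "tor.exe"),   # stage one: Tor appears
          (t0, "ws-022", "proc_start", "tor.exe")]   # Tor only, never scans
    # ws-014: SMB fan-out about 24 hours after Tor first ran (stage two)
    ev += [(t0 + timedelta(hours=24, minutes=i), "ws-014", "net_out",
            f"10.0.1.{i}:445") for i in range(1, 9)]
    # bk-01: many SMB peers but no Tor (assumed backup server, benign)
    ev += [(t0 + timedelta(minutes=i), "bk-01", "net_out",
            f"10.0.2.{i}:445") for i in range(1, 9)]
    return ev

SAMPLE = _build_sample()

def delayed_smb_fanout(events, window, min_targets=5,
                       burst=timedelta(minutes=10)):
    """Return {host: delay} for hosts that started Tor and, within `window`
    afterwards, contacted >= min_targets distinct hosts on TCP 445 inside
    one `burst` interval. `delay` is the gap between Tor start and the burst."""
    tor_seen = {}
    smb = defaultdict(list)
    for ts, host, kind, detail in sorted(events):
        if kind == "proc_start" and detail.lower() == "tor.exe":
            tor_seen.setdefault(host, ts)            # keep first sighting only
        elif kind == "net_out" and detail.endswith(":445"):
            smb[host].append((ts, detail.rsplit(":", 1)[0]))
    flagged = {}
    for host, start in tor_seen.items():
        conns = [(ts, dst) for ts, dst in smb[host]
                 if start <= ts <= start + window]
        for i, (ts, _) in enumerate(conns):
            targets = {dst for t, dst in conns[i:] if t - ts <= burst}
            if len(targets) >= min_targets:
                flagged[host] = ts - start
                break
    return flagged

if __name__ == "__main__":
    for hours in (1, 48):                            # short vs. long window
        result = delayed_smb_fanout(SAMPLE, timedelta(hours=hours))
        print(f"{hours}h window -> {result}")
```

With a 1-hour window nothing is flagged; with a 48-hour window only `ws-014` is, which is the practical consequence of the delay for anyone tuning correlation rules.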


EternalRocks will also run DoublePulsar in infected systems which will work as a backdoor for malware to be installed. However, Stampar reports that the backdoor isn’t protected yet and this will enable other hackers to utilise it to pour in their own malware, thus effectively destroying systems.

The only positive factor here is that researchers are now aware of the impending threat and may create software patches before EternalRocks arrives. However, considering how powerful the worm is, this will be a time-consuming exercise and may not be completed before actual infections take place.

“The worm is racing with administrators to infect machines before they patch. Once infected, he can weaponise any time he wants, no matter the late patch,” Stampar told Bleeping Computer.


There is no doubt that if EternalRocks is weaponised, the most affected systems will be the ones running outdated versions of the Windows operating system. While the effect of WannaCry ransomware wasn’t too high in the UK, the NHS was particularly affected, not only because of poor cyber hygiene but also because the organisation still uses thousands of computers running older versions of Windows.

“Something like this was always inevitable. While organisations are distracted by high profile dramatized threats, such as Russian election hacking, they are neglecting basic cyber hygiene measures which can prevent the mass effectiveness of mass ransomware attacks like this. Until basic cyber hygiene is taken seriously, these attacks will continue to happen at this scale with an impact disproportionate to the nature of the attack,” said Brian Lord OBE, former Deputy Director GCHQ Cyber and Intelligence.

Copyright Lyonsdown Limited 2021
