Just as the reverberations from the WannaCry ransomware outbreak earlier this month have started to slow, a new strain has already cropped up. On Sunday, researchers confirmed the new strain of malware called “EternalRocks”.
It has already been determined to be more dangerous than WannaCry and tougher to fight.
According to researchers, this worm combines 4 NSA exploits, including the same vulnerability that helped WannaCry spread to computers.
WannaCry
Earlier this month, the WannaCry ransomware attack plagued hospitals, schools, and offices around the world. It spread to more than 250,000, with the use of two NSA exploits released by Shadow Brokers, EternalBlue and DoublePulsar. A few days later, researchers discovered Adylkuzz, which used the same exploits to create botnets to mine cryptocurrency.
And now, there’s EternalRocks. Miroslav Stampar, a cybersecurity expert for Croatia’s CERT, captured a sample of the worm in a Windows 7 honeypot that he runs.
EternalRocks
The majority of the tools exploit the standard file-sharing technology used on PCs, called Microsoft Windows Server Message Block. This is how WannaCry spread undetected and so quickly. Microsoft patched these vulnerabilities in March; however, many systems are still at risk.
Unlike WannaCry – which alerts victims that their computers have been infected – EternalRocks remains hidden and quiet. Once in a computer, it downloads Tor’s private browser and sends a signal to the worm’s hidden servers.
For 24 hours, EternalRocks does nothing; it just waits.
But after a day, the server responds and starts downloading and self-replicating.
What does that mean, exactly?
EternalRocks stays a day ahead of security experts.
“By delaying the communications the bad actors are attempting to be more stealthy,” Michael Patterson, CEO of security firm Plixer, said. “The race to detect and stop all malware was lost years ago.”
It even names itself WannaCry in an attempt to hide from security researchers, Stampar said. Like variants of WannaCry, EternalRocks also doesn’t have a kill-switch, so it can’t be as easily blocked off.
For the time being, EternalRocks remains dormant as it continues to spread and infect more computers. Stampar warns that the malware can be weaponized at any time, in the same fashion that WannaCry’s ransomware struck all at once.