San Francisco: After a host of different ransomware attacks that hit enterprises across the globe, security researchers have now identified a new strain of malware “EternalRocks” that is more dangerous than WannaCry and is potentially tougher to fight.
According to the researchers, “EternalRocks” exploits the same vulnerability in Windows that helped WannaCry spread to computers. It also uses a NSA tool known as “EternalBlue” for proliferation, Fortune reported on Sunday.
“It also uses six other NSA tools, with names like EternalChampion, EternalRomance, and DoublePulsar (which is also part of WannaCry),” the report said.
In its current form, “EternalRocks” does not have any malicious elements — it does not lock or corrupt files, or use compromised machines to build a botnet — but leaves infected computers vulnerable to remote commands that could ‘weaponise’ the infection at any time.
“EternalRocks” is stronger that WannaCry because it does not have any weaknesses, including the kill switch that a researcher used to help contain the ransomware.
EternalBlue also uses a 24-hour activation delay to try to frustrate efforts to study it, the report noted. The last 10 days have seen a wave of cyber attacks that have rendered companies helpless around the globe.
First it was WannaCrypt or WannaCry that spread by taking advantage of a Windows vulnerability that Microsoft released a security patch for in March. It encrypted files on infected machines and demanded payment for unlocking them.
After facing a massive “WannaCrypt” ransomware attack, another type of malware quietly started generating digital cash from machines it infected.
Tens of thousands of computers were affected globally by the “Adylkuzz attack” that targeted machines, let them operate and only slowed them down to generate digital cash or “Monero” cryptocurrency in the background.
“Monero” — being popularised by North Korea-linked hackers — is an open-source cryptocurrency created in April 2014 that focuses on privacy, decentralisation and scalability.