EternalRocks, a new strain of malware that targets the same vulnerability as 'WannaCry' ransomware, has been identified.
Like WannaCry, EternalRocks is also more likely to affect Windows computers. According to media reports, the new malware includes far more threats than WannaCry, making it potentially tougher to fight.
The malware use the NSA tool known as Eternal-blue, like its predecessor, to spread from one computer to the next. But EternalRocks also uses six other NSA tools, with names like Eternal Champion, Eternal Romance, and Double Pulsar (which is also part of WannaCry).
In its current form, EternalRocks does not have any malicious elements — it doesn’t lock or corrupt files, nor does it try to build a botnet. But that's not particularly reassuring.
EternalBlue leaves infected computers vulnerable to remote commands that could ‘weaponise’ the infection at any time.
WannaCry, has hit over 150 countries, including India, and affected over 240,000 machines, primarily those running unverified versions of Windows 7. It encrypts files on infected machines and demands payment for unlocking them.
EternalRocks is stronger that WannaCry because it does not have any weaknesses, including the kill switch that a researcher used to help contain the ransomware.
EternalBlue also uses a 24-hour activation delay to try to frustrate efforts to study it, the report noted.
The researcher who found EternalRocks does not claim that it has spread very far yet, but it's just one example of a wave of new malware based on the NSA-authored exploits. The consequences have already been serious, and they could get worse.
The last 10 days have seen a wave of cyber attacks that have rendered companies helpless around the globe.
First it was WannaCry that encrypted files on infected machines and demanded payment for unlocking them. WannaCry had some loopholes that made it easier to slow and circumvent.
Over 48,000 attempts of ransomware attacks were detected in India. With 60 percent of the attempts targeted enterprises, while 40 per cent were on individual customers, a cyber security firm, Quick Heal Technologies had said.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)