A new network worm dubbed “EternalRocks” is making the news this week as the successor to the WannaCry ransomware. EternalRocks leverages some of the same vulnerabilities and exploit tools as WannaCry but is potentially more dangerous because it exploits seven NSA tools that were released as part of the ShadowBrokers dump for infection instead of two used by WannaCry.
EternalRocks has the potential to spread faster and infect more systems – it’s currently dormant and isn’t doing anything nefarious such as encrypting hard drives.
EternalRocks could be easily weaponized in an instant, making the need for preventive action urgent.
WannaCry used only two of the SMB exploit tools: ETERNALBLUE and DOUBLEPULSAR. EternalRocks leverages seven NSA SMB exploit tools to locate vulnerable systems:
ETERNALBLUE, DOUBLEPULSAR, ETERNALCHAMPION, ETERNALROMANCE, ETERNALSYNERGY, SMBTOUCH and ARCHITOUCH
EternalRocks does not have a kill-switch which helped curtail WannaCry and mitigate the ransomware damage.
Take advantage of the vulnerability scanning detection tools from 4ITSec now before any damage is inflicted on your systems (Sliding scale prices)