A new network worm dubbed EternalRocks is making the news this week as the successor to the WannaCry ransomware. EternalRocks leverages some of the same vulnerabilities and exploit tools as WannaCry but is potentially more dangerous because it exploits seven NSA tools that were released as part of the ShadowBrokers dump for infection instead of two used by WannaCry.
EternalRocks has the potential to spread faster and infect more systems. EternalRocks is currently dormant and isn’t doing anything nefarious such as encrypting hard drives. But EternalRocks could be easily launched in an instant, making the need for preventive action urgent.
Why EternalRocks may be bigger than WannaCry
WannaCry used only two of the SMB exploit tools: ETERNALBLUE and DOUBLEPULSAR. EternalRocks leverages seven NSA SMB exploit tools to locate vulnerable systems:
- ETERNALBLUE
- DOUBLEPULSAR
- ETERNALCHAMPION
- ETERNALROMANCE
- ETERNALSYNERGY
- SMBTOUCH
- ARCHITOUCH
EternalRocks does not have a kill switch which helped curtail WannaCry and mitigate the ransomware damage.
The clock is ticking with EternalRocks; speak to eStorm how you can protect your business network with proactive solutions.
