WannaCry has caused serious distress around the world, and some victims have still not recovered from those attacks. Now EternalRocks enters the scene. EternalRocks is another kind of ransomware that is considered worse than WannaCry. Reports from antivirus companies claim that EternalRocks uses NSA (National Security Agency) tools such as EternalBlue to infect vulnerable Windows computers.
Unlike WannaCry (also known as WannaCrypt), there is no solution that prevents EternalRocks from attacking. Instead, it spreads easily from one computer to another, much like a disease.
How Does EternalRocks Infect Your Windows Computer?
According to a recent report, EternalRocks does not lock or encrypt the files and data on your Windows computer and then demand money to decrypt them. But it is even worse than WannaCry, because EternalRocks has no weakness such as the kill switch available to Windows PCs, which is specially designed to counter ransomware.
Because the kill switch is ineffective against it, EternalRocks can freely use your computer and start infecting others. Once it has infected a host, EternalRocks lives on that host and triggers the download of a Tor client, then beacons to its C&C server and syncs your computer with the dark web. It remains on your computer, stops you from accessing your own computer, and delays for up to 24 hours before the C&C server responds. (Source: BleepingComputer)
EternalRocks Uses 7 NSA Tools, whereas WannaCry Uses Only 2!
According to the researchers, none of the reports have been released yet. But it is true that the NSA tools have been exploited. Not only has the NSA's EternalBlue been used, but other tools such as EternalChampion, EternalRomance, EternalSynergy, SMBTouch, Architect, and DoublePulsar have also been infected/overwritten and used by the culprits. (Source: BleepingComputer)
So about 7 NSA security tools have been infected and used, whereas WannaCry used only 2. Yet when the WannaCry ransomware outbreak hit, more than 240,000 victims were affected using only two NSA tools, EternalBlue and DoublePulsar. So you can imagine what the intensity would be if the culprits intended to attack with all 7 NSA tools. This could make the situation even worse than WannaCry.
Switching to the New SMB Can Protect You from EternalRocks
An effort has now started in Windows SMB security to shut down all the old versions of the protocol and run the new one. Currently, SMB (Server Message Block) is scanning computers to search for vulnerable or unpatched systems. Once the old version, SMBv1, is detected, it is disabled. In this manner, the number of systems running the old SMB version is being reduced to protect against further EternalRocks attacks. (Source: BleepingComputer)
This can prevent many EternalRocks attacks. As reported, the malware named Adylkuzz has also been shut down by SMB, and in doing so they have successfully stopped Adylkuzz. But the report also says that the malware, or worm, is racing system administrators to infect computers before they can all be patched. Once it has infected a machine, it can be weaponized at any time, infect Windows computers, and finally spread to others.
So, to stay clear of EternalRocks, it is recommended that you upgrade Windows 7 to a higher version. Most WannaCry cases were observed on old, unpatched versions, so if you are running an old version you must upgrade it. In the meantime, on upgraded Windows systems, the automated SMB scanning is performed to detect the old version and let you update to the new SMB version.
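One way to carry out the SMBv1 check-and-disable step described above on a single host, as an added example that is not from the original article or its source. It assumes an elevated session with PowerShell 3.0 or later; the helper name `Get-Smb1State`, the `-Remediate` switch and the `Smb1Exposed` property are hypothetical names chosen for this example.

```powershell
# Added example: audit SMBv1 on the local host; pass -Remediate to disable it.
[CmdletBinding()]
param([switch]$Remediate)

$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1State {   # hypothetical helper name
    $state = [ordered]@{
        Computer        = $env:COMPUTERNAME
        ServerSmb1      = $null   # SMBv1 server setting (Windows 8 / Server 2012 and later)
        RegistrySmb1    = $null   # explicit registry value (Windows 7 / Server 2008 R2)
        OptionalFeature = $null   # state of the SMB1Protocol feature, where present
    }
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $state.ServerSmb1 = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    $reg = Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue
    if ($reg) { $state.RegistrySmb1 = [bool]$reg.SMB1 }
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($feat) { $state.OptionalFeature = [string]$feat.State }
    }
    [pscustomobject]$state
}

$s = Get-Smb1State
# On older systems with no explicit registry value, the SMBv1 server is on by default.
$exposed = ($s.ServerSmb1 -eq $true) -or ($s.OptionalFeature -eq 'Enabled') -or
           (($null -eq $s.ServerSmb1) -and ($s.RegistrySmb1 -ne $false))
$s | Add-Member -NotePropertyName Smb1Exposed -NotePropertyValue $exposed

if ($exposed -and $Remediate) {
    if ($null -ne $s.ServerSmb1) {
        # Newer Windows: turn off the SMBv1 server through the SMB cmdlets.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # Windows 7 / Server 2008 R2: set the registry value; takes effect after a restart.
        Set-ItemProperty -Path $regPath -Name SMB1 -Type DWord -Value 0
    }
    if ($s.OptionalFeature -eq 'Enabled') {
        # Remove the SMBv1 feature as well; a restart completes the change.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}
$s   # emit the state that was found, for logging or fleet-wide collection
```

Run it without `-Remediate` first to inventory which hosts still expose SMBv1, and check that no legacy devices depend on it before disabling.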
By following these few precautions for WannaCry, you can also prevent EternalRocks. But to state the facts, it is even worse than WannaCry: once it infects a computer, it will also spread to other computers through the worms the culprits created with the NSA tools.