What is EternalRocks Malware? Let us Find Out

Written By Chirag Arora  
Approved By Anuraag Singh 
Published On July 6th, 2017

After the arrival of the WannaCry malware, a new virus is now at the door. The name of this malware is EternalRocks. It is natural to be curious and to have questions about this new strain of malware, such as: What is EternalRocks malware? How does this virus affect the system and the data? Is it the same as WannaCry, or even more dangerous? All these queries are resolved in the following blog, along with a prevention tip against the EternalRocks ransomware.

EternalRocks Worm: A New Threat!

Researchers have discovered a dangerous new malware, EternalRocks, that may prove even more harmful than WannaCry. A Croatian security expert detected it for the first time, according to Bleeping Computer. Just like the WannaCry ransomware, the EternalRocks network worm uses an NSA tool. This tool is called EternalBlue, and the worm uses it to spread or multiply itself from one system to another via Windows. However, it also uses six other NSA tools. These are the seven NSA tools used by the EternalRocks ransomware:

  • EternalBlue — SMBv1 exploit tool
  • EternalChampion — SMBv2 exploit tool
  • SMBTouch — SMB reconnaissance tool
  • DoublePulsar — Backdoor Trojan
  • EternalRomance — SMBv1 exploit tool
  • EternalSynergy — SMBv3 exploit tool
  • ArchTouch — SMB reconnaissance tool

How Does EternalRocks Malware Affect the System?

After this introduction to the EternalRocks worm, it is important to know the impact it can have on a system. In its latest form, it does not contain any harmful elements: it does not lock or corrupt files, and it does not use compromised devices to build a botnet. However, this is not reassuring, as EternalBlue leaves the infected systems vulnerable to remote commands, which could be used to “weaponize” the infection at any time. The installation of EternalRocks malware takes place in two stages:

  • First Stage

In its first stage, it downloads the Tor web browser onto the infected system. This is later used to connect to its command and control server, which is hosted on the Tor network on the Dark Web.

  • Second Stage

In the next step, the EternalRocks virus acts on the response from the command and control server, which comes with an archive containing the seven Windows SMB exploits mentioned above. All seven SMB exploits are then downloaded to the infected system. After this, the EternalRocks worm scans the Internet for open SMB ports in order to spread itself to other vulnerable systems.

Important Note: The second stage occurs after a delay of 24 hours. The delay is there to evade sandboxing techniques, which makes the EternalRocks ransomware infection undetectable.
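The two-stage behaviour described above (a Tor client appears first, SMB scanning starts about a day later) can be hunted for by correlating host events over a window longer than the delay. The following Python sketch is an added example, not code from the original article; the event format, host names, the "tor" event kind and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real telemetry: "<time> <host> <kind> <detail>".
# kind "tor"  = a Tor client was observed starting on the host (assumed sensor).
# kind "conn" = outbound TCP connection to "<dst_ip>:<dst_port>".
SAMPLE_EVENTS = """\
2017-05-20T10:00:00 ws-01 tor tor.exe
2017-05-21T10:05:00 ws-01 conn 198.51.100.1:445
2017-05-21T10:05:05 ws-01 conn 198.51.100.2:445
2017-05-21T10:05:10 ws-01 conn 198.51.100.3:445
2017-05-21T10:05:15 ws-01 conn 198.51.100.4:445
2017-05-20T11:00:00 ws-02 conn 203.0.113.1:445
2017-05-20T11:00:05 ws-02 conn 203.0.113.2:445
2017-05-20T11:00:10 ws-02 conn 203.0.113.3:445
2017-05-20T11:00:15 ws-02 conn 203.0.113.4:445
2017-05-20T12:00:00 ws-03 tor tor.exe
2017-05-21T12:30:00 ws-03 conn 198.51.100.9:445
"""

def parse_events(text):
    """Return a time-sorted list of (datetime, host, kind, detail) tuples."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            ts, host, kind, detail = line.split()
            rows.append((datetime.fromisoformat(ts), host, kind, detail))
    return sorted(rows)

def find_delayed_smb_scanners(events, min_targets=4, burst=timedelta(minutes=10),
                              lookahead=timedelta(hours=48)):
    """Flag hosts where a Tor client start is followed, within `lookahead`, by
    connections to >= min_targets distinct hosts on TCP 445 inside `burst`."""
    tor_seen, smb = {}, defaultdict(list)
    for ts, host, kind, detail in events:
        if kind == "tor":
            tor_seen.setdefault(host, ts)  # keep the first sighting only
        elif kind == "conn" and detail.endswith(":445"):
            smb[host].append((ts, detail.rsplit(":", 1)[0]))
    findings = {}
    for host, t0 in tor_seen.items():
        hits = [(ts, ip) for ts, ip in smb[host] if t0 <= ts <= t0 + lookahead]
        for i, (start, _) in enumerate(hits):
            targets = {ip for ts, ip in hits[i:] if ts - start <= burst}
            if len(targets) >= min_targets:
                findings[host] = {"delay": start - t0, "targets": len(targets)}
                break
    return findings
```

With a lookahead of one hour the same data produces no finding, which is the effect the 24-hour delay has on short observation windows.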

Is There Any Weakness in EternalRocks Malware?

No, EternalRocks ransomware has no weakness of the kind WannaCry had. As we know, researchers used a kill switch as one of the weapons against WannaCry. However, in the case of this virus, there is no way to make it less effective. The researchers of the EternalRocks network worm claim that it has not spread very far yet. It is only one example of a threat based on NSA-authored exploits. The results have already been severe, and they could get even worse. Moreover, because it has no weakness so far, it can be put into a more dangerous category compared to WannaCry.

According to the reports, EternalBlue uses a 24-hour activation delay in an attempt to frustrate efforts to study it. Within the last 10 days, we have come across cyber attacks of this kind that have left companies around the globe feeble.

Important to Know About EternalRocks Malware

Apart from the information discussed above about the EternalRocks network worm, there are a few more things that require users' attention. This ransomware has the potential to exploit Windows in the same way as WannaCry. In fact, it carries more harmful threats than WannaCry, creating a tougher situation for users to fight. As mentioned above, it uses an NSA tool known as EternalBlue and spreads itself from one machine to another. According to the researchers, WannaCry used only two NSA exploits: EternalBlue to compromise a device and DoublePulsar to spread from one machine to another. EternalRocks malware, in contrast, uses six such NSA tools apart from EternalBlue.

Protect the System from EternalRocks Worm

From the information discussed above, it is clear that there is no method to remove the EternalRocks virus from the system. However, users can save their data by creating a backup of the entire database. It is recommended to take backups on a frequent basis.

The Bottom Line

With technology advancing, many developments are making it easier to work digitally. However, alongside this, there are people who are responsible for creating harmful malware and ransomware. One such newly discovered threat is EternalRocks malware. Many people are comparing it with WannaCry; therefore, in the above blog, we have tried to unveil every available fact about the EternalRocks worm. It is important for users to be aware of it and to take precautions by creating a backup of their crucial data.
