Monday, 12 June 2017
If you thought the Wannacry Ransomeware worm which brought a vast number of computer systems to their knees was a major disaster, then watch out for this next one. EternalRocks uses 7 leaked NSA hacking tools. These were developed by the American Security Agency to hack into enemy systems, however the leaked versions are now being used to extort money worldwide.
This new one doesn’t alert the user that the system is infected until 24 hours later, hoping that a backup of the infected system will have been made and make restore more difficult.
The worm does not have a ‘kill switch’ which halted the spread of Wannacry. It is looking for systems to infect and then demand a fee for the decrypt key. The vulnerability uses unpatched SMB ports.
We understand that systems which have the latest operating systems and are patched should be ok. Certificated users with ISO 27001 will be aware of the requirements for this.
It is vital that organisations have good backups of data and that these backups are fully verified so that they can be installed in case of a problem. It is too late when a restore fails through an unverified backup or the backup is corrupted.
Cyber Crime is fast becoming the number one risk.