At a time when the world is gradually recovering from the devastating WannaCry ransomware outbreak, cyber-security researchers are bracing for even more hazardous cyber threats in days to come. The greater frequency and intensity of cyberattacks today point to the level of sophistication hackers currently possess, allowing them to disrupt what were previously thought of as unbreakable security systems.
In the wake of the global WannaCry ransomware attack, which affected hundreds of thousands of computers in 150 countries over the last few days, a set of new malware tools has cropped up. According to cyber-security experts, they are tougher to fight, and have the potential to cause greater chaos than the recent ransomware mayhem.
Here are three such malicious software tools that could continue the cyber turmoil -- in an even scarier way -- from where WannaCry had left off.
EternalRocks
First detected by a Croatian security expert last week, EternalRocks exploits the same NSA tool known as EternalBlue, which helped the WannaCry ransomware spread rapidly to computers across the globe. What could make EternalRocks spread even faster and farther is the fact that it uses six other NSA tools, including EternalChampion, EternalRomance, and DoublePulsar.
Somebody actually used complete Shadowbrokers dump (SMB part) and made a worm out of it. Uses WannaCry names (taskhost/svchost) to distract
— Miroslav Stampar (@stamparm) May 18, 2017
Unlike WannaCry, EternalRocks doesn't corrupt files, or use affected devices to launch botnet attacks. However, it makes compromised computers more vulnerable to hackers who can "weaponise" compromised computers with remote commands.
In addition, EternalRocks is stronger than WannaCry because it doesn't have any weaknesses like the kill switch that a researcher used to prevent the ransomware from spreading farther. The new malware is also capable of delaying activation for 24 hours in an attempt to frustrate security researchers.
XData
A security researcher associated with the MalwareHunterTeam analysis group discovered a new malware strain called XData, which is reportedly gaining momentum in Ukraine, leading to about three times as many infections as WannaCry ransomware did in the country.
Alert: XData ransomware is attacking Ukraine very hard, likely worse than WannaCry for them.
95%+ of victims are from there.
Past 4 hours: pic.twitter.com/dM6US55O2d
— MalwareHunterTeam (@malwrhunterteam) May 19, 2017
IDR: XData currently is the second "best" ransomware in the past 24 hours w/ only targeting Ukraine.
Crazy... @BleepinComputer @demonslay335 pic.twitter.com/JMcduJyYUa
— MalwareHunterTeam (@malwrhunterteam) May 19, 2017
According to MalwareHunterTeam, XData managed to spread across Ukraine so fast that it became the second most active ransomware strain within just 24 hours of its discovery. Considering its rapid growth despite targeting a single country, security researchers believe that the malware can cause much deeper trouble if it starts spreading globally.
While there is a way to beat WannaCry and decrypt files on Windows XP and Windows 7 if the systems have not been rebooted, the same trick cannot be applied to XData. According to researchers, it fully encrypts the files, and there is no way to get the files back for free, Wired reported.
Athena
The Athena malware is part of the latest file revealed in WikiLeaks' Vault 7 catalogue of CIA hacking tools. According to details provided by the anti-secrecy group, Athena was developed as a surveillance tool to capture communications from computers running Windows XP through Windows 10.
The malware is said to have been developed by the CIA in cooperation with Siege Technologies, a New Hampshire-based cyber security company, which was acquired by Nehemiah Security in November 2016.
CIA's Athena malware is designed to be injected into a target's supply chain (e.g shipments from Dell) #Vault7 https://t.co/V0r5B7OSYT pic.twitter.com/GFmvF5XEtW
— WikiLeaks (@wikileaks) May 22, 2017
As mentioned by WikiLeaks, Athena is a simple implant application that provides remote access to target machines, including Windows XP Pro SP3 32-bit, Windows 7 32-bit/64-bit, Windows 8.1 32-bit/64-bit, Windows 2008 Enterprise Server, Windows 2012 Server and Windows 10.
According to a recent report by McAfee Labs, ransomware will remain a very significant threat until the second half of 2017.
"Ransomware-as-a-service, custom ransomware for sale in dark markets, and creative derivatives from open-source ransomware code will keep the security industry busy through the first half of the year," the report said.