The hacker who had created the malicious SMB worm called EternalRocks using 7 NSA hack tools and was considered much deadlier and fast spreading have reportedly shut down!

EternalRocks, better known as the scarier version of ransomware WannaCry was developed using 7 National Security Agency exploits and came into light last week when a Croatian security researcher Miroslav Stampar discovered the presence of EternalRocks worm. The news of this newly found possible cyber-attack caught the attention of media from all around the world and it was so intensely covered by media that it may have scared off the hacker who made EternalRocks and made them abort the mission.

For those who don’t know what EternalRocks is, well have you been living under a rock? Here’s the link. And if you don’t know what WannaCry is, dude, seriously? You live on Earth right? Here you go, read about one of the biggest cyber-attack ever – WannaCry. By the way, WannaCry still lingers as a potential threat and you may want to know how to be safe from it or what to do if your system is already infected. Back to the topic!

This intense focus, from both news media and cyber-security firms, appears to have had an impact on the author of the EternalRocks worm, a person going by the nickname of “tmc.” On Wednesday, Stamper found the EternalRocks command and control server (C&C), which is a site hosted on the dark web, featured a new message that read, “Forum Inside! Registration is Open! Why so scary, I only firewall SMB port for you. It’s not ransomware.”

New accounts for the forum registration were manually approved by the EternalRocks developer who calls himself by the pseudonym ‘tmc’. On May 24, two new messages appeared on the forum from tmc which said that there were no malicious intentions with EternalRocks and that it was only built because he ‘wanted to play some games’. Tmc clarified that EternalRocks is not a ransomware and it was not meant to harm, rather it works as a firewall. Here are the messages posted by tmc on the EternalRock forum:

First tmc message

Image Source: Bleeping computer

Stamper said Bleeping Computer, “Well, it seems that I captured author’s worm in testing phase. It had great potential, though. Anyway, I suppose that he got scared because of all this fuzz and just dropped everything before being blamed for even something he didn’t do.”. So a hacker of that level of knowledge and capabilities called the worm off just because of intense media coverage? Two things come into my mind – I don’t buy it, the developer of EternalRocks is just playing with our minds; or we the media people have unbelievable power that together, we stopped a potential cyber-attack! And in that case, everyone owe us huge thanking.

14597