EternalRocks, also known as Doomsday, is a ransomware trojan and worm on Microsoft Windows, last updated on May 24, 2017. It is one of the first instances of a ransomware program that uses stealth.

Sometimes referred to as the "successor of WannaCry", this ransomware uses seven leaked NSA hacker tools (EternalBlue, EternalSynergy, EternalRomance, EternalChampion, DoublePulsar, ArchiTouch and SMBTouch), unlike WannaCry, which used only two. It also names itself WannaCry to hide from security researchers. Once a computer is infected by it, it stays hidden on the host computer, secretly installs Tor Browser, and then makes a connection to its servers. After twenty-four hours, the server will begin to self-replicate the malware. This ransomware does not seem to have a kill switch yet, unlike some of the WannaCry variants. So far, EternalRocks just seems to infect computers, however it has been warned that this worm could be weaponized at any time. As this ransomware has stealthy capabilities, it is unknown how many computers are infected with it at the moment.


Community content is available under CC-BY-SA unless otherwise noted.