Snake Ransomware is Targeting Industrial Controls
Published on: Monday 06-07-2020
A few weeks ago, Honda confirmed that a hack attack had disrupted its global production. Brett Callow, a threat analyst with security firm Emsisoft, says "It doesn't prove conclusively that Honda was hit by Snake, but it's certainly a strong indicator."
According to the security firm Dragos, the Snake ransomware variant is designed to target industrial control systems. It shares some characteristics with Megacortex, malware that struck several high-profile targets in 2019. Snake, also known as Ekans, is ransomware that runs on Microsoft Windows. It was discovered by MalwareHunterTeam. It was aimed at English-speaking users and is written in Golang. It contains a much higher level of obfuscation than is commonly seen in ransomware.
How does Snake ransomware spread in industry?
The main way cybercriminals distribute Snake / Ekans is through an insecure RDP configuration. It can also be spread through phishing campaigns or spam emails carrying malicious attachments, as well as deceptive downloads, botnets, exploits, malicious ads, web injects, fake updates, and repackaged and infected installers. Once it is active, it first removes the computer's Shadow Volume Copies and then kills numerous processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software, and more.
It then proceeds to encrypt the files on the device.
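The order described above (shadow copies removed, then a burst of process kills, then encryption) gives defenders a short window to alert before files are touched. The following is an added example, not code from the article or from Dragos: it correlates the first two steps per host. The event schema, host names, and process names are constructed placeholders, since the article does not list the actual kill-list entries.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical watchlist: replace with the ICS/SCADA, VM and remote-management
# process names that actually run in your plant. These names are placeholders.
WATCHLIST = {"scada_service.exe", "historian.exe", "vm_agent.exe", "remote_mgmt.exe"}

# Constructed sample events: (timestamp, host, event type, process).
# For process_terminate the process is the one that was killed.
SAMPLE_EVENTS = [
    ("2020-01-01T02:14:03", "hmi-01", "shadow_copy_delete", "sample.exe"),
    ("2020-01-01T02:14:09", "hmi-01", "process_terminate", "scada_service.exe"),
    ("2020-01-01T02:14:10", "hmi-01", "process_terminate", "historian.exe"),
    ("2020-01-01T02:14:12", "hmi-01", "process_terminate", "vm_agent.exe"),
    # Shadow copy removed, but only one watched process stopped afterwards.
    ("2020-01-01T03:00:00", "eng-ws-02", "shadow_copy_delete", "backup_job.exe"),
    ("2020-01-01T03:01:00", "eng-ws-02", "process_terminate", "remote_mgmt.exe"),
    # Several watched processes stopped, but no shadow copy removal first.
    ("2020-01-01T04:00:00", "hist-03", "process_terminate", "historian.exe"),
    ("2020-01-01T04:00:01", "hist-03", "process_terminate", "scada_service.exe"),
    ("2020-01-01T04:00:02", "hist-03", "process_terminate", "vm_agent.exe"),
]

def find_pre_encryption_sequences(events, window=timedelta(minutes=5),
                                  min_kills=3, watchlist=WATCHLIST):
    """Return {host: [killed watched processes]} for hosts where a shadow copy
    deletion is followed, within `window`, by at least `min_kills` distinct
    terminations of watchlisted processes."""
    by_host = defaultdict(list)
    for ts, host, kind, proc in events:
        by_host[host].append((datetime.fromisoformat(ts), kind, proc.lower()))

    alerts = {}
    for host, rows in by_host.items():
        rows.sort()  # chronological order per host
        for i, (t0, kind, _) in enumerate(rows):
            if kind != "shadow_copy_delete":
                continue
            killed = sorted({p for t, k, p in rows[i + 1:]
                             if k == "process_terminate"
                             and t - t0 <= window and p in watchlist})
            if len(killed) >= min_kills:
                alerts[host] = killed
                break
    return alerts

if __name__ == "__main__":
    for host, procs in find_pre_encryption_sequences(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: shadow copies removed, then killed {procs}")
```

Tune `window` and `min_kills` against normal maintenance activity, since backup jobs and patching also remove shadow copies and restart services.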
What are the latest findings on this ransomware?
Recently, FortiGuard researchers uncovered two different variants of Snake (Ekans) ransomware, which offer additional insights into how the ransomware strain was developed and how it targets industrial control systems.
According to the Dragos report, this ransomware's ability to encrypt and shut down industrial control systems could potentially cause organization-wide power outages and other serious issues. "The specificity of processes listed in a static 'kill list' shows a level of intentionality previously absent from ransomware targeting the industrial space," the report states.
Dragos researchers warn that the owners and operators of industrial control systems should take the time now to review their infrastructure before Snake-based attacks spread. Dragos researchers also note that Ekans apparently is not designed to self-propagate through a network, which means that the attackers must plant the ransomware within the network either interactively or through a script. This means that organizations would be specifically targeted by attacks.
How to prevent this Ransomware?
Cybersecurity awareness training for employees, periodic cybersecurity assessments, securing industrial systems, and real-time security monitoring are a few of the measures that protect industry against such harmful attacks.
Shekhar Ashok Pawar is CEO of GrassDew IT Solutions Pvt Ltd which is primarily focused on Cybersecurity Assessment & Audits, IT Consulting, Customised Software Development and Software Products. With more than 15 years of international experience, he is CISA, CEH, CHFI, MCP, Blockchain Developer, Dip Cyber Laws, CMMi Level 5 ATM & ISO 27001 LA. He is also certified H/W & S/W expert for Mobile Phones, Computers and CCTV cameras. He did Executive Management (SJMSOM, IIT-Bombay), after Engineering in Electronics & Telecommunications, Mumbai. He is also certified for "Digital Signal Processor & Applications" by Analog Devices - DSP Learning Center, IIT Madras.
He is the lead contributor to GrassDewPanther @ LinkedIn, which is focused on sharing global cyber threats and related news. Shekhar's recent book “Air Team Theory: Understanding 10 Types of Team Mates and Best Practices to Succeed” was published in January 2020 and is a hot-seller on Amazon.