A ransomware strain called Snake, or Ekans, targets industrial environments. But it seems that only cybercriminals who want to attack files are behind this mysterious malware.
The recently discovered Snake ransomware does more than encrypt files on target systems. The malware also searches those systems for hundreds of specific programs, including many that are used in industrial processes to control systems, and terminates their processes. This takes the processes out of the operating team's control, leaving the systems virtually uncontrollable.
Ekans Was Developed For Specific Cyber Attack Goals
Attacks on industrial control systems with malware are not new. So far, they have mainly been attributed to state-controlled hackers. Ekans, by contrast, is said to be the creation of cybercriminals. The researchers classify the ransomware as a unique and specific risk for industrial companies. Among other things, they found in the malware a list of commands and processes that belong to functions of industrial control systems, included in part with the aim of stopping these functions during a ransomware attack. So far, Ekans' capabilities in this area have been limited, but it is still worrying that industrial control systems are being attacked for purely financial reasons for the first time. As usual with ransomware, files are encrypted and given a new file extension. Victims also receive a ransom note with an email address for negotiating the ransom, which is to be paid in a cryptocurrency.
The ransomware appears to be spreading through a previously compromised network. The researchers also assume that Ekans was developed for specific goals. Although Ekans is not deliberately destructive, missing relationships and issues with the victim's environment could result in Ekans, or similar malware that can end industrial processes, having an unintended physical impact. The willingness to accept this possibility is deeply worrying.
Experts advise operators of industrial control systems to separate them from the rest of the network, to back them up regularly and to store the backups offline. In addition, risk assessments need to take into account attacks on industrial systems that aim to extort money. Organizations must work diligently to reduce their attack surface through better network segmentation and better access and authentication mechanisms, and to increase the transparency of industrial networks in order to identify attacks before they run their course.