The Snake ransomware has taken one step ahead by isolating the compromised systems before starting the file encryption process.
Deepinstinct, a cybersecurity firm, spotted some samples of Snake ransomware (also known as EKANS) isolating the infected systems to encrypt files without interference.
The same ransomware is assumed to be responsible for the Honda cyber incident which took place last month.
What are the features of Snake ransomware?
The main feature of Snake ransomware is the killing of processes from a predefined list, including ICS-related processes, so that the resources associated with them can be encrypted, which further pressures victims into paying the ransom to restore the affected systems.
The Snake ransomware can enable and disable the firewall and also use specific commands to prevent unwanted connections to the system.
“Before initiating the encryption, Snake will use the Windows firewall to block any incoming and outgoing network connections on the victim’s machine that aren’t configured in the firewall. Windows built-in netsh tool will be used for this purpose,” explains Deep Instinct.
Once the system is disconnected from the outside world, the malware kills the hardcoded processes that could interfere with the encryption process, including those related to the industrial world, various security tools and backup solutions. It also prevents recovery by deleting shadow copies.
The malware appends a random five-character string to the extension of the encrypted files and writes the term EKANS at the end of each encrypted file (for example, the encrypt_me.txt file was changed to encrypt_me.txtDwtwx).
When the encryption process gets completed, the malicious tool turns the firewall off.
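The lockdown sequence described above (firewall block via netsh, process killing, shadow copy deletion, firewall turned off again) and the renaming pattern (original extension plus five random characters, EKANS marker at the end of the file) are both things a defender can look for. The following Python sketch is an added example, not code from the article or from Deep Instinct: it runs a stage classifier over constructed process-creation events and flags hosts where a firewall lockdown precedes shadow copy deletion, then compares two directory listings for EKANS-style renames. The host names, timestamps and the exact netsh and vssadmin command lines are assumptions; the article names the tools and behaviour but does not quote the commands.

```python
import re
from collections import defaultdict

# Hypothetical command-line signatures for the stages the article describes.
# The concrete netsh/vssadmin syntax is an assumption, not taken from the article.
STAGE_PATTERNS = {
    "firewall_block": re.compile(
        r"netsh\s+advfirewall\s+set\s+\w+\s+firewallpolicy\s+blockinbound,blockoutbound", re.I),
    "shadow_delete": re.compile(r"vssadmin(?:\.exe)?\s+delete\s+shadows", re.I),
    "firewall_off": re.compile(r"netsh\s+advfirewall\s+set\s+\w+\s+state\s+off", re.I),
}

# Constructed process-creation events (Sysmon-like fields); ws02 is a benign admin query.
SAMPLE_EVENTS = [
    {"ts": 1, "host": "ws01", "cmdline": "netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound"},
    {"ts": 2, "host": "ws01", "cmdline": "taskkill /F /IM backup_agent.exe"},
    {"ts": 3, "host": "ws01", "cmdline": "vssadmin delete shadows /all /quiet"},
    {"ts": 9, "host": "ws01", "cmdline": "netsh advfirewall set allprofiles state off"},
    {"ts": 4, "host": "ws02", "cmdline": "netsh advfirewall show allprofiles"},
]


def classify(cmdline):
    """Return the stage name a command line matches, or None for anything else."""
    for stage, pattern in STAGE_PATTERNS.items():
        if pattern.search(cmdline):
            return stage
    return None


def stage_sequences(events):
    """Per host, the ordered list of recognised stages (unrecognised commands are dropped)."""
    per_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        stage = classify(ev["cmdline"])
        if stage:
            per_host[ev["host"]].append(stage)
    return dict(per_host)


def snake_like_hosts(events):
    """Hosts where a firewall lockdown is followed by shadow copy deletion, in that order."""
    hits = []
    for host, stages in stage_sequences(events).items():
        if "firewall_block" in stages and "shadow_delete" in stages:
            if stages.index("firewall_block") < stages.index("shadow_delete"):
                hits.append(host)
    return sorted(hits)


def ekans_rename_candidates(before, after):
    """Map original names to new names that equal the original plus five alphanumeric characters."""
    renamed = {}
    for new_name in sorted(set(after) - set(before)):
        for old_name in sorted(before, key=len, reverse=True):  # prefer the longest stem
            suffix = new_name[len(old_name):]
            if new_name.startswith(old_name) and len(suffix) == 5 and suffix.isalnum():
                renamed[old_name] = new_name
                break
    return renamed


def has_ekans_marker(data):
    """True when the file content ends with the EKANS marker the article describes."""
    return data.endswith(b"EKANS")


if __name__ == "__main__":
    print("stages:", stage_sequences(SAMPLE_EVENTS))
    print("suspicious hosts:", snake_like_hosts(SAMPLE_EVENTS))
    # Constructed directory listings before and after an incident.
    before = {"encrypt_me.txt", "report.docx"}
    after = {"encrypt_me.txtDwtwx", "report.docx"}
    print("renames:", ekans_rename_candidates(before, after))
    print("marker:", has_ekans_marker(b"\x00\x11ciphertext...EKANS"))
```

The sequence check deliberately requires order (lockdown before shadow deletion) so that a legitimate administrator querying or toggling the firewall, as on ws02, is not flagged on its own; the rename check works on listings rather than single names because a five-character suffix cannot be recognised without knowing the original file name.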
“The concept of ransomware is rather simple – you encrypt your victims’ files and wait for them to pay. Although this concept hasn’t changed in recent years, ransomware attacks have become more and more sophisticated and targeted, as we witness the gradual change in the priorities, tactics and scale of attacks,” concludes the report.