EXPERT COMMENTS: SNAKE Ransomware Targets Organizations’ Entire Corporate Networks

By ISBuzz Team
Writer, Information Security Buzz | Jan 09, 2020 06:18 am PST

In response to the news that SNAKE ransomware is targeting entire corporate networks, experts offer their perspective.

Tarik Saleh, Senior Security Engineer and Malware Researcher
January 10, 2020 2:55 pm

Security researchers have observed samples of the new SNAKE ransomware family targeting organizations’ entire corporate networks.

Discovered by MalwareHunterTeam and analyzed by Vitali Kremez, SNAKE is written in Golang and contains a high level of obfuscation.

Upon successful infection, the ransomware deletes the machine’s Shadow Volume Copies before terminating various processes associated with SCADA systems, network management solutions, virtual machines and other tools. It then proceeds to encrypt the machine’s files while skipping over important Windows folders and system files. As part of this process, it appends “EKANS” as a file marker along with a five-character string to the file extension of each file it encrypts.

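A read-only triage sketch for the two file artifacts described in the comment above (the "EKANS" marker and the five-character string added to the extension), added here as an example and not taken from the researchers' analysis. The marker position, the alphanumeric character set and all function names are assumptions, and the sample files are constructed.

```python
import os
import re
import tempfile

MARKER = b"EKANS"   # file marker named in the comment above
TAIL_BYTES = 64     # assumption: the marker sits at or near the end of the file
# Assumption: five alphanumeric characters are appended directly to the
# original extension, e.g. "plan.docx" -> "plan.docxQwErT".
EXT_RE = re.compile(r"\.[A-Za-z0-9]{1,10}[A-Za-z0-9]{5}$")


def has_marker(path):
    """True if MARKER occurs in the last TAIL_BYTES bytes of the file."""
    try:
        with open(path, "rb") as fh:
            size = fh.seek(0, os.SEEK_END)
            fh.seek(max(0, size - TAIL_BYTES))
            return MARKER in fh.read()
    except OSError:
        return False  # locked or unreadable; check these by hand


def triage(root):
    """Map path -> confidence for every file under root carrying the marker."""
    hits = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if has_marker(path):
                # The suffix pattern alone is noisy (".config" also matches),
                # so it only raises confidence on files that have the marker.
                hits[path] = "high" if EXT_RE.search(name) else "marker-only"
    return hits


def build_constructed_samples(root):
    """Write constructed test files; none of this is real malware output."""
    samples = {
        "plan.docxQwErT": b"\x8f" * 200 + b"EKANS",  # both indicators
        "notes.txt": b"\x8f" * 200 + b"EKANS",       # marker only
        "app.config": b"key=value\n",                # suffix shape only
        "readme.md": b"mentions EKANS early" + b" " * 200,  # outside tail
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_samples(tmp)
        for path, level in sorted(triage(tmp).items()):
            print(level, os.path.basename(path))
```

Run it against a mounted copy or backup of the affected share rather than the live host, so the scan itself does not alter file timestamps that responders may need.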
Javvad Malik, Security Awareness Advocate
January 9, 2020 2:20 pm

Ransomware has proven to be very lucrative for cybercriminals and it appears some of their ill-gotten gains have funded advancements in ransomware tools. The Snake ransomware is one such example where criminals are trying to cause extra disruption by attempting to encrypt the entire network.

Organisations should focus on the root cause of how ransomware enters the network. This is primarily through social engineering (mainly phishing), or by exploiting unpatched public-facing software. So if they place resources into addressing these entry points, it is more likely they will prevent ransomware, and many other attack techniques.
