A new threat report from cybersecurity company Dragos details the characteristics of a form of ransomware known as Ekans. This ransomware – also known as Snake – first emerged in December 2019 and has been designed for use against Windows systems used in industrial environments.
Researchers found that Ekans contains a list of commands and processes associated with a number of industrial control system-specific functions, and that the list is aimed at stopping those functions during a ransomware attack.
While this functionality is described as limited, researchers’ analysis of Ekans notes that it still represents “a deeply concerning evolution in ICS-targeting malware” because it indicates that cyber criminals are now targeting ICS operation systems purely for financial gain.
Industrial control systems (ICS) are the nucleus of organisations in manufacturing and utilities environments. Adversaries know that if they can infect these systems, they can shut down the entire infrastructural body, preventing it from operating, producing and generating profit. Such high costs mean that impacted companies are likely to pay the ransom in order to maintain some level of productivity and business continuity. With this in mind, it’s a surprise it’s taken cybercriminals so long to target ICS for profit.
To defend against Ekans, I advise susceptible companies to look to proven technologies that leverage artificial intelligence and machine learning to continuously monitor their ICS networks for anomalies that detect and mitigate possible attacks that could cause harm to the ICS.