Following the news that a new piece of file-encrypting ransomware, which some are linking to Iran, has been targeting processes and files associated with industrial control systems (ICS), please see below for a comment from experts.
2020-02-20: ‘#Snake’ #Ransomware Linked to Iran, Targets Industrial Controls
Fact Check/Clarification to this story:
🤔💬Hmm we found [email protected] when we discovered #Snake/#Ekans via @malwrhunterteam
No, Bapco was not found within the malware code🤦♂️
Ref ➡️https://t.co/Sin2PUWyFj pic.twitter.com/wig8MuLHx1— Vitali Kremez (@VK_Intel) January 28, 2020
No matter how good your cyber defences are, it is always a good idea to prepare for a ransomware attack by having a playbook that documents how to respond, to avoid a situation where employees are learning what to do as an attack is happening. Companies can give themselves extra time to respond effectively with tools like deception technology that slow the ransomware down, and, where possible, divert it to non-critical systems. In ICS environments, this can make all the difference between interrupted or damaged operational processes and preserving business continuity while you execute your playbook.
In the event of a successful ransomware attack, determine ahead of time under what conditions, if any, you would pay. Discuss the pros and cons and the risks you are prepared to accept if you are unable to regain access to your files.