Security researchers have observed samples of the new SNAKE ransomware family targeting organizations’ entire corporate networks.
Upon successful infection, the ransomware deletes the machine’s Shadow Volume Copies before terminating various processes associated with SCADA systems, network management solutions, virtual machines and other tools. It then proceeds to encrypt the machine’s files while skipping over important Windows folders and system files. As part of this process, it appends “EKANS” as a file marker along with a five-character string to the file extension of each file it encrypts.
The threat wraps up its encryption routine by dropping a ransom note entitled “Fix-Your-Files.txt” in the C:UsersPublicDesktop folder. This ransom note instructs victims to contact “email@example.com” in order to purchase a decryption tool.
That’s not all the ransom note says. Bleeping Computer points this out in a blog post on SNAKE:
As you can see from the language in the ransom note, this ransomware specifically targets the entire network rather than individual workstations. They further indicate that any decryptor that is purchased will be for the network and not individual machines, but it is too soon to tell if they would make an exception.
SNAKE isn’t the first ransomware that’s directed its focus to entire corporate networks. Back in March 2019, for instance, researchers discovered a new variant of the CryptoMix Clop ransomware family that claimed to target entire networks instead of individual users’ machines. A few months later, the security community learned of a new crypto-ransomware threat called “TFlower” targeting corporate environments via exposed Remote Desktop Services (RDS).
The emergence of SNAKE ransomware highlights the need for organizations to (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/snake-ransomware-targeting-entire-corporate-networks/