SBN Malware spotlight: Ekans

Introduction

Industrial Control Systems, or ICS, have been the target of malware for some time now. Most of these threats target Windows systems and Windows processes, and aside from targeting ICS-specific processes, they are not much different from the horde of threats on that Windows XP system that you are currently using as a paperweight. 

A troubling development has been the addition of ransomware to the list of threats that target ICS. Recently, a new ICS-specific ransomware threat has been discovered: Ekans. 

This article will detail the Ekans malware and explore what it is, what makes Ekans different from other ICS threats and how it works, as well as how it can be prevented. 

As a general comment about threats like these, we should all be concerned about ICS threats. Failure of critical infrastructure to have proper information security in place will result in damage to society immeasurably worse than if your personal PC becomes infected.

What is Ekans?

Ekans, or "snake" spelled backwards, is a new type of ransomware that targets ICS. Discovered in December of 2019, Ekans is the second type of ransomware designed for ICS. The first ICS ransomware to appear in the wild was MEGACORTEX, a small malware family with both ransomware and disk-wiper capabilities that has some dedicated ICS-specific characteristics.

The good news is that malware researchers have described Ekans as less of a threat than MEGACORTEX. Despite this opinion, all ICS threats should be treated as serious due to the destruction they can cause to society. Just imagine the chaos that will ensue if critical infrastructure goes down due to poor security measures!

What makes Ekans different from other ICS-specific threats?

Until recently, threat actors responsible for ICS-specific threats have been state-sponsored. This means that the motivation (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/VbEIH0S3KGo/