Ekans ransomware is designed to attack industrial systems in a way that researchers describe as a "deeply disturbing evolution" of malicious software.
Cyber criminals are launching ransomware attacks that target industrial control systems (ICS). According to the researchers, this is the first case of file-encrypting malware that directly infects computer networks controlling operations in a manufacturing and tooling environment.
This is not the first time malware has attacked ICS; many state-sponsored hacking campaigns have targeted these systems in recent years, but researchers have concluded that Ekans appears to be the work of a cybercriminal operation engaging in this area.
Researchers have found that Ekans contains a list of commands and processes related to a number of functions specific to industrial control systems, aimed at stopping these functions during a ransomware attack.
Although this functionality is described as limited, the researchers' analysis of Ekans notes that it is nonetheless a "deeply disturbing evolution of ICS malware", because it indicates that cybercriminals are now attacking ICS operating systems purely for financial gain.
Encrypted files are modified with a random five-character extension, while victims receive a ransom note with an email address to contact in order to negotiate the ransom, which is to be paid in cryptocurrency.
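As an added illustration of how a defender might hunt for the renaming behaviour described above (this is example code written for this page, not part of the report or Dragos's own tooling), the Python below scans file-rename log lines for a single process that appends the same unfamiliar five-character extension to many files within a short window. The log format, the process IDs, the paths and the extension `kq8fz` are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample file-rename events, "<timestamp> <pid> <old path> <new path>".
# The format is hypothetical; adapt LINE_RE to your EDR, Sysmon or auditd export.
SAMPLE_EVENTS = """\
2020-02-04T10:00:01 4120 C:\\plc\\line1.cfg C:\\plc\\line1.cfg.kq8fz
2020-02-04T10:00:01 4120 C:\\plc\\line2.cfg C:\\plc\\line2.cfg.kq8fz
2020-02-04T10:00:02 4120 C:\\hmi\\screens.db C:\\hmi\\screens.db.kq8fz
2020-02-04T10:00:02 4120 C:\\hmi\\alarms.log C:\\hmi\\alarms.log.kq8fz
2020-02-04T10:00:03 4120 C:\\share\\report.docx C:\\share\\report.docx.kq8fz
2020-02-04T10:00:05 3888 C:\\data\\export.csv C:\\data\\export.csv.bak
2020-02-04T10:15:00 5210 C:\\docs\\draft.txt C:\\docs\\final.docx
"""

LINE_RE = re.compile(r"^(\S+) (\d+) (\S+) (\S+)$")
EXT_RE = re.compile(r"\.([A-Za-z0-9]{5})$")  # trailing five-character extension
KNOWN_5CHAR = {"xhtml", "class", "jsonl", "woff2"}  # legitimate ones; extend per estate
WINDOW = timedelta(seconds=60)  # burst window
THRESHOLD = 4                   # renames per process per window before alerting

def unknown_5char_ext(path):
    """Return the trailing five-character extension unless allow-listed, else None."""
    m = EXT_RE.search(path)
    ext = m.group(1).lower() if m else None
    return None if ext in KNOWN_5CHAR else ext

def detect(log_text, window=WINDOW, threshold=THRESHOLD):
    """Alert on any process that appends an unknown five-char extension to many files quickly."""
    renames = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, pid, old, new = m.groups()
        ext = unknown_5char_ext(new)
        if ext and unknown_5char_ext(old) is None:  # extension was appended, not pre-existing
            renames[pid].append((datetime.fromisoformat(ts), ext))
    alerts = []
    for pid, events in sorted(renames.items()):
        events.sort()
        for t0, _ in events:
            burst = [e for e in events if t0 <= e[0] <= t0 + window]
            if len(burst) >= threshold:
                alerts.append({"pid": pid, "count": len(burst),
                               "extensions": sorted({e[1] for e in burst})})
                break
    return alerts
```

On the sample data only process 4120 trips the rule; the backup rename by 3888 and the ordinary save by 5210 are ignored because their new extensions are either shorter than five characters or allow-listed.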
To deploy the ransomware, the attackers behind Ekans most likely need to compromise the network before launching an attack. This follows the same pattern as ransomware variants such as Ryuk and Megacortex, which rely on a hands-on deployment method rather than on self-spreading.
The way Ekans attacks ICS indicates that the attackers are very specific about the target, so they will probably spend some time compromising the targets in their plans.
The Dragos document also noted that Ekans may have a connection to Megacortex ransomware, because although the list of processes targeted by Ekans is relatively short, at only 64, each of them is also targeted by newer versions of Megacortex. This suggests that Megacortex may be used in this type of attack.
Some reports linked Ekans to Iran, but after analyzing the malware, Dragos concluded that "there is no strong or convincing evidence" linking this campaign to Iran's strategic interests.
At present, it is not entirely certain how Ekans is distributed to victims, but to protect against ransomware attacks, it is recommended to segment ICS systems from the rest of the network, so that even if a standard Windows machine is compromised, the attacker cannot simply pivot to the systems controlling the infrastructure.
Organizations should also ensure that systems are regularly backed up and that the backups are stored offline; specifically for ICS operations, backups should include the last known good configuration data to ensure rapid recovery.