The departure of GandCrab has triggered the arrival of new ransomware variants in the realm of cybersecurity. Recently, researchers have spotted SNAKE ransomware that poses a serious threat to enterprise security.
About SNAKE Ransomware
As highlighted by MalwareHunterTeam and Vitali Kremez, a new ransomware has emerged as an active threat to businesses. Dubbed the SNAKE ransomware, the new malware appends an ‘EKANS’ file marker to the files it encrypts, which reads ‘SNAKE’ backward.
2020-01-06: 🆕🔒#Golang #Ransomware "#EKANS" aka "#SNAKE"🐍
🎯Targeted Ransomware|"We breached your corporate network…"
h/t @malwrhunterteam cc @demonslay335 @BleepinComputer pic.twitter.com/mnf4fhYlD4
— Vitali Kremez (@VK_Intel) January 6, 2020
Sharing the details of the ransomware with Bleeping Computer, Kremez revealed that the malware exhibits high obfuscation.
The ransomware contains a level of routine obfuscation not previously and typically seen coupled with the targeted approach.
In brief, after infecting a device, it removes the Shadow Volume Copies from the computer. Moreover, it also terminates various processes. This behavior is quite similar to the Clop ransomware. As stated by Bleeping Computer,
When started Snake will remove the computer’s Shadow Volume Copies and then kill numerous processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software, and more.
Then, the ransomware begins encrypting the data files whilst adding the file marker. Unlike most other ransomware, it does not use one specific extension for the files. Rather, it adds a random 5-character string as an extension.
Once done, the ransomware places a ransom note entitled “Fix-Your-Files.txt” in the desktop folder. The note includes the details from the attacker. It asks the victim to contact a given email address to get the ‘decryption tool’ for restoring data.
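The two on-disk indicators described above (the ‘EKANS’ file marker and the “Fix-Your-Files.txt” note) can be swept for during triage. The following is an added example, not code from the researchers or from Bleeping Computer; it assumes the marker sits within the last 64 bytes of an affected file (the article only says it is appended), and the function names and sample files are constructed for illustration.

```python
import os
import tempfile

MARKER = b"EKANS"                 # file marker named in the article
NOTE_NAME = "Fix-Your-Files.txt"  # ransom note name named in the article
TAIL_BYTES = 64                   # assumption: marker lies in the file's last bytes

def has_marker(path):
    """Return True if the last TAIL_BYTES of the file contain the marker."""
    try:
        with open(path, "rb") as fh:
            size = fh.seek(0, os.SEEK_END)
            fh.seek(max(0, size - TAIL_BYTES))  # also handles files shorter than the tail
            return MARKER in fh.read()
    except OSError:
        return False  # locked or unreadable file: skip it, keep sweeping

def triage(root):
    """Walk root and collect ransom-note paths and files ending in the marker."""
    report = {"notes": [], "marked": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME.lower():
                report["notes"].append(path)
            elif has_marker(path):
                report["marked"].append(path)
    return report

def build_sample(root):
    """Write a constructed sample tree (placeholders, not real ransomware output)."""
    samples = {
        # constructed: marker at the end, made-up 5-character string in the extension
        "report.docxQaZxP": b"\x00" * 200 + MARKER,
        # constructed: the word appears early in the file only, so it must not match
        "clean.txt": b"EKANS is SNAKE backwards" + b"." * 200,
        "Desktop/Fix-Your-Files.txt": b"constructed placeholder note",
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for kind, paths in triage(tmp).items():
            print(kind, [os.path.relpath(p, tmp) for p in paths])
```

Reading only the file tail keeps the sweep fast on large shares and avoids flagging documents that merely mention the string.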
A Threat To Businesses
According to the researchers, SNAKE ransomware poses a higher degree of threat to the corporate world. As revealed through its ransom note, the ransomware affects not just a single device but the entire network. This means that it affects multiple computers on a network, something that is really troublesome for businesses.
However, the ransomware, unlike most others, takes some time to encrypt the files. Moreover, since the ransomware begins encryption at a time chosen by the attacker, it may give some time to the victims to spot the infection and fight back.
Nonetheless, as always, what will benefit businesses the most against SNAKE and other ransomware is having robust cybersecurity in place.