Snake Ransomware Strikes Businesses, Hospital

The operators of Snake ransomware launched a new worldwide campaign that has infected numerous businesses and at least one healthcare organization over the last few days. First reported in January by BleepingComputer, the attackers went quiet, with only a few infections, until now. That changed on May 4th, when Snake started attacking organizations throughout the world and across all industry verticals. According to security reporter Brian Krebs, Snake has hit Fresenius, the UK’s largest hospital provider and a major provider of dialysis products and treatments. Snake ransomware now claims to steal unencrypted files before encrypting computers on the infected network. The ransomware leaves a ransom note stating that if the attackers are not contacted within 48 hours, they will release sensitive databases and documents until the ransom is paid.

Analyst Notes

Currently it isn’t known whether the Snake operators are actually stealing files or are merely claiming to steal unencrypted data to scare victims into paying the ransom. All victims should assume the worst and handle ransomware breaches as though their data had been stolen. As with any ransomware attack, the 3-2-1 method of backing up sensitive data is the best defense: keep three copies of the data on two separate devices, with one of them offsite. Any victim of ransomware should notify the appropriate law enforcement agency so that the attack can be investigated. The best defense against any attack is still a good offense: companies should have their systems penetration tested by firms like TrustedSec that can identify weaknesses and provide advice on how to strengthen security systems. The Binary Defense Security Operations Center monitors workstations and servers 24 hours a day to quickly detect and stop attackers before they have the chance to steal files and launch ransomware. The Binary Defense Counterintelligence team also provides a proactive service that searches for threats outside the company’s network on the Darknet, Clearnet and social media, and alerts clients to targeting and threats before attacks are carried out.

