EKANS, the ransomware believed to be responsible for the attacks on Honda and Fresenius earlier this year, has been seen making the rounds again, this time with updated capabilities. EKANS is also referred to as Snake, but there is no indication that it is related to the nation-state Advanced Persistent Threat (APT) known as Snake or Turla. Relatively quiet since the Coronavirus pandemic brought most of the world to a halt, EKANS is back, and it is able to disable the firewall on devices as well as kill processes from a specified list, which allows it to encrypt the associated files.

The cyber security firm Deep Instinct is credited with the discovery of this new variant. Deep Instinct released an analysis, a portion of which reads: “Before initiating the encryption, Snake will utilize the Windows firewall in order to block any incoming and outgoing network connections on the victim’s machine that aren’t configured in the firewall. Windows built-in netsh tool will be used for this purpose. Disconnected from the outside world, Snake will kill the hardcoded processes that may interfere with the encryption. This list contains processes related to the industrial world and several security and backup solutions.” On top of all of that, if backups are discovered, EKANS will also delete them, making it very difficult for victims to recover their data.
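The sequence in the quoted analysis (a netsh firewall change that blocks traffic, then a burst of process kills) can be hunted for in endpoint telemetry. The sketch below is an added example, not code from Deep Instinct or Binary Defense. The event layout, host names, process names, thresholds and the exact `netsh advfirewall` command line are assumptions, since the page names only the tool.

```python
import re
from datetime import datetime, timedelta

# netsh call that sets the Windows firewall policy to block inbound AND outbound traffic.
# Assumed command-line form; the page names netsh but does not quote the command.
BLOCK_ALL = re.compile(
    r"\bnetsh(\.exe)?\s+advfirewall\s+set\s+\S+\s+firewallpolicy\s+block\w*,blockoutbound\b",
    re.IGNORECASE)

# Constructed sample telemetry: (timestamp, host, event type, command line or image name).
# Hosts and process names are invented; they are not taken from the malware's kill list.
EVENTS = [
    ("2020-07-01T10:00:00", "hmi-01", "proc_create", "netsh advfirewall set allprofiles state on"),
    ("2020-07-01T10:00:01", "hmi-01", "proc_create",
     "netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound"),
    ("2020-07-01T10:00:04", "hmi-01", "proc_terminate", "backup_agent.exe"),
    ("2020-07-01T10:00:04", "hmi-01", "proc_terminate", "historian_svc.exe"),
    ("2020-07-01T10:00:05", "hmi-01", "proc_terminate", "av_service.exe"),
    ("2020-07-01T10:00:06", "hmi-01", "proc_terminate", "backup_agent.exe"),
    # Benign look-alikes: a read-only netsh query, and the default policy being re-applied.
    ("2020-07-01T11:00:00", "ws-07", "proc_create", "netsh advfirewall show allprofiles"),
    ("2020-07-01T11:00:02", "ws-07", "proc_terminate", "notepad.exe"),
    ("2020-07-01T12:00:00", "ws-09", "proc_create",
     "netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound"),
    ("2020-07-01T12:00:03", "ws-09", "proc_terminate", "backup_agent.exe"),
]

def detect(events, window=timedelta(seconds=120), min_kills=3):
    """Return (host, time, killed processes) for each block-all netsh call followed on
    the same host by at least min_kills distinct process terminations within window."""
    parsed = sorted((datetime.fromisoformat(ts), host, kind, detail)
                    for ts, host, kind, detail in events)
    alerts = []
    for when, host, kind, detail in parsed:
        if kind != "proc_create" or not BLOCK_ALL.search(detail):
            continue
        killed = sorted({d.lower() for t, h, k, d in parsed
                         if h == host and k == "proc_terminate" and when <= t <= when + window})
        if len(killed) >= min_kills:
            alerts.append((host, when.isoformat(), killed))
    return alerts

if __name__ == "__main__":
    for host, when, killed in detect(EVENTS):
        print(f"ALERT {host} {when}: firewall set to block-all, then {len(killed)} processes ended: {killed}")
```

The two benign hosts show why the correlation matters: a netsh query or a default-policy change on its own, or a single process exit, does not raise an alert.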