EKANS Ransomware Operators

The EKANS ransomware, also known as "Snake" (but not to be confused with the snake malware used by turla), emerged in 2019. The name EKANS comes from a string which is observed in the malware.

The ransomware encrypts files and displays a ransom note like typical ransomware, but EKANS stands out due to its additional functionality targeting operational technology (OT). Specifically, it forcibly stops a number of processes, including those related to Industrial Control Systems (ICS) operations. EKANS represents the first known ransomware variant which shows specific ICS targeting .

Reported victims of EKANS include Fresenius Group, Honda and Enel Group.

unit42.paloaltonetworks.com

https://unit42.paloaltonetworks.com/threat-assessment-ekans-ransomware/

claroty.com

https://claroty.com/team82/blog/ics-impact-of-snake-ekans-ransomware

www.fortinet.com

https://www.fortinet.com/blog/threat-research/ekans-ransomware-targeting-ot-ics-systems

darktrace.com

https://darktrace.com/blog/what-the-ekans-ransomware-attack-reveals-about-the-future-of-ot-cyber-attacks

www.popularmechanics.com

https://www.popularmechanics.com/technology/security/a32825656/honda-cybersecurity-attack/

labs.sentinelone.com

https://labs.sentinelone.com/new-snake-ransomware-adds-itself-to-the-increasing-collection-of-golang-crimeware/

pylos.co

https://pylos.co/2020/01/28/getting-the-story-right-and-why-it-matters/

www.dragos.com

https://www.dragos.com/blog/industry-news/ekans-ransomware-and-ics-operations/

insights.sei.cmu.edu

https://insights.sei.cmu.edu/blog/snake-ransomware-analysis-updates/

www.dragos.com

https://www.dragos.com/blog/industry-news/ekans-ransomware-misconceptions-and-misunderstandings/