Cyber Threat Report: 'EKANS Ransomware and ICS Operations'

Report Author: Dragos
Publication Date: 2020-03-03
Original Reporting Source:
Related Intrusion Sets: EKANS Ransomware Operators
Victim Sectors: Energy, Manufacturing

This blog post by researchers at Dragos describes the EKANS ransomware variant. EKANS targets industrial control system (ICS) operations and was first observed in December 2019¹. It forcibly stops processes related to ICS operations, as well as halting traditional IT systems. Dragos researchers highlight similarities with MEGACORTEX ransomware, which also shows some targeting of ICS-related processes, suggesting continuity between these threats. The report also discusses mitigations, emphasizing visibility into assets, regular backups, and an understanding of the potential impact of ICS-specific ransomware as the basis for effective defenses and recovery strategies.
