Cyber Threat Report: 'Threat Assessment: EKANS Ransomware'

Report Author Palo Alto Unit 42
Publication Date 2020-06-26
Original Reporting Source
Related Intrusion Sets EKANS Ransomware Operators
Victim Sectors Healthcare, Transportation, Manufacturing, Energy

This threat assessment from researchers at Palo Alto's Unit 42 covers the EKANS ransomware. According to the report, EKANS was first observed in January 2020 and has targeted multiple industries in the U.S and Europe,. The assessment states that EKANS is written in Golang and includes a "kill list" for antivirus and ICS (Industrial Control System) processes. The ransomware also deletes shadow copies of files to prevent restoration. The researchers state that spear-phishing is the primary initial access vector.

Cyber Threat Graph Context

Explore how this report relates to the wider threat graph

Mitigations to defend against the techniques in this report

Identified MITRE ATT&CK Techniques