EKANS

Malware updated 19 days ago (2024-10-15T10:01:37.268Z)
EKANS, also known as SNAKE, is a malware strain that emerged in mid-December 2019 and became one of the more concerning ransomware threats in 2020. The malicious software, written in the Go programming language according to IBM Security X-Force analysis, is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. Once inside a system, EKANS can disrupt operations, steal personal information, and hold data hostage for ransom.

Interestingly, EKANS shares similarities with MegaCortex ransomware, as both are designed to kill twelve hard-coded processes, some of which are directly related to industrial control system (ICS) operations. The implications of potential EKANS attacks are significant, particularly for OT-connected industries, which made up 41% of all ransomware attacks observed by IBM Security X-Force in 2020. Despite extensive research, cybersecurity firm Dragos remains uncertain about how EKANS distributes itself within victim networks. The malware is capable of transferring over HTTP/S and writing itself to disk, indicating a high level of sophistication and potential for widespread damage.

While some reports have suggested links between EKANS activity and "Iranian strategic interests," Dragos finds this connection to be tenuous based on available evidence. Other attacks similar to those caused by EKANS have been attributed to various actors, including the US and Israel (Stuxnet), cybercriminals (EKANS ransomware), or remain unattributed. Regardless of its origin, the disruptive potential of EKANS, especially to industrial operations, underscores the need for organizations to develop robust defenses against this growing OT threat.
Description last updated: 2024-10-15T09:23:03.660Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Source Document References
Information about the EKANS Malware was read from the documents corpus below.