EKANS, also known as SNAKE, is a malware strain that emerged in mid-December 2019 and became one of the more concerning ransomware threats in 2020. The malicious software, written in the Go programming language according to IBM Security X-Force analysis, is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. Once inside a system, EKANS can disrupt operations, steal personal information, and hold data hostage for ransom. Interestingly, EKANS shares similarities with MegaCortex ransomware, as both are designed to kill twelve hard-coded processes, some of which are directly related to industrial control system (ICS) operations.
The implications of potential EKANS attacks are significant, particularly for OT-connected industries, which made up 41% of all ransomware attacks observed by IBM Security X-Force in 2020. Despite extensive research, cybersecurity firm Dragos remains uncertain about how EKANS distributes itself within victim networks. The malware is capable of transferring over HTTP/S and writing itself to disk, indicating a high level of sophistication and potential for widespread damage.
While some reports have suggested links between EKANS activity and "Iranian strategic interests," Dragos finds this connection to be tenuous based on available evidence. Other attacks similar to those caused by EKANS have been attributed to various actors, including the US and Israel (Stuxnet) and cybercriminals (EKANS ransomware), while others remain unattributed. Regardless of its origin, the disruptive potential of EKANS, especially to industrial operations, underscores the need for organizations to develop robust defenses against this growing OT threat.
Description last updated: 2024-10-15T09:23:03.660Z