Cybercriminals are launching new ransomware attacks against industrial control systems (ICS). The ransomware, dubbed Ekans, features new functionality designed to stop critical processes related to ICS operations.
Security firm Dragos discovered Ekans in December 2019 and released a full report to the public on February 3, 2020.
Ekans, also known as “Snake,” is designed to target Windows systems.
The new attacks contrast with previous file-encrypting ransomware attacks, such as those used to lock out systems in hospitals, governments and school districts. Dragos described the new attack as “primitive,” but warned that Ekans uses a static “kill list” to target ICS processes.
As described in the report, Dragos said Ekans “represents a relatively new and deeply concerning evolution in ICS-targeting malware.” The company added that Ekans shares characteristics with MegaCortex, which also contained ICS-specific characteristics.
Previously, state-sponsored actors were mainly behind ICS-related attacks, such as Dragonfly and Triton.
It now appears that non-state-sponsored entities are targeting the ICS space, likely for financial gain.