EKANS Ransomware Attacks Focus on Disrupting Businesses Reliant Upon Industrial Control Systems

Leveraging knowledge of industrial control systems, this relatively new ransomware variant aims to be as disruptive as possible to operations by killing processes and encrypting data.

The more the bad guys know about your environment, the more havoc they can cause. That is the point made by the latest variant of the EKANS (also known as SNAKE) ransomware. Its ability to kill specific, targeted processes is the basis for attacks on any business reliant upon industrial control systems (ICS). Using what appears to be firsthand knowledge of these systems, EKANS stops operations before encrypting data, effectively holding both the organization's production and its data for ransom.

This expansion of functionality beyond simple encryption of data held for ransom is the latest trend in ransomware. From variants that attack Active Directory, to deleting backups, to lying dormant to reduce the effectiveness of recovery, to threatening to publish the encrypted data, ransomware creators are increasingly savvy in finding new ways to ensure their ransom demands are met.

In the case of organizations with industrial control systems, a few specific actions can help prevent an attack:

  • Update ICS endpoints – because it is unlikely that an ICS-specific endpoint has a user reading email on it, these machines are most likely being infected via lateral movement, which is often accomplished using known vulnerabilities. Ensure a supported OS version is used and that these systems remain updated with the latest patches; where a controller or workstation cannot be patched, isolate it on the network so it is not reachable from the systems that can be compromised first.
  • Leverage Endpoint Protection – the fight is happening at the process level: the bad guys are killing legitimate processes, so it is time to do the same to theirs. Installing endpoint protection helps ensure that no rogue or malicious process can execute attacker code, including ransomware.
  • Train Your Users – ransomware often enters via a phishing attack. Teaching users through security awareness training not to engage with suspect or unusual emails is a solid first step in lowering the risk of a successful attack.
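The behaviour described above, a sweep that kills production processes before the encryptor runs, is also something a defender can hunt for, because a burst of terminations of processes that normally run for months is abnormal on an ICS host. The script below is an added illustration, not code from the original post or from any malware analysis: it reads constructed, simplified Sysmon Event ID 5 (ProcessTerminate) records and raises an alert when several distinct watchlisted processes exit within a short window. The record format, the process names in the watchlist, and the thresholds are all assumptions for the example; replace them with your own log format and asset inventory.

```python
"""Flag bursts of process terminations that look like a pre-encryption kill sweep."""
from collections import deque
from datetime import datetime, timedelta

# Hypothetical watchlist of processes that matter on an ICS host. These names are
# placeholders for this example, not a list taken from any malware sample; fill it
# from your own asset inventory.
WATCHLIST = {
    "hmi_runtime.exe",
    "historian_svc.exe",
    "opc_server.exe",
    "plc_bridge.exe",
    "sqlservr.exe",
}


def parse_event(line):
    """Parse one constructed, simplified Sysmon Event ID 5 (ProcessTerminate) record.

    Assumed format for this example: "<UTC time>|<event id>|<image path>|<pid>".
    Returns (timestamp, lowercase image basename, pid), or None for other event IDs.
    """
    ts, event_id, image, pid = line.strip().split("|")
    if event_id != "5":
        return None
    name = image.rsplit("\\", 1)[-1].lower()
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), name, int(pid)


def detect_kill_sweep(lines, threshold=3, window_seconds=60):
    """Return alerts for bursts of watchlisted process terminations.

    An alert is (time of the last termination, sorted process names) and fires
    when at least `threshold` distinct watchlisted processes exit within any
    `window_seconds` span. After an alert the window is cleared so that one
    sweep produces one alert rather than one per additional termination.
    """
    events = [e for e in (parse_event(l) for l in lines if l.strip()) if e]
    events.sort()  # logs are not guaranteed to arrive in time order
    window = deque()  # (timestamp, process name) pairs inside the sliding window
    alerts = []
    for ts, name, _pid in events:
        if name not in WATCHLIST:
            continue
        window.append((ts, name))
        while ts - window[0][0] > timedelta(seconds=window_seconds):
            window.popleft()
        distinct = sorted({n for _, n in window})
        if len(distinct) >= threshold:
            alerts.append((ts, distinct))
            window.clear()
    return alerts


# Constructed sample log. Routine, isolated exits hours apart should not alert;
# four watchlisted processes disappearing within twelve seconds should.
SAMPLE_LOG = [
    "2020-06-01 02:10:05|5|C:\\Program Files\\Vendor\\hmi_runtime.exe|1488",
    "2020-06-01 02:10:07|1|C:\\Program Files\\Vendor\\hmi_runtime.exe|1490",
    "2020-06-01 06:45:12|5|C:\\Windows\\System32\\notepad.exe|3020",
    "2020-06-01 03:12:01|5|C:\\Program Files\\Vendor\\hmi_runtime.exe|1490",
    "2020-06-01 03:12:03|5|C:\\Program Files\\Vendor\\historian_svc.exe|2004",
    "2020-06-01 03:12:06|5|C:\\Windows\\System32\\notepad.exe|3110",
    "2020-06-01 03:12:09|5|C:\\Program Files\\Vendor\\opc_server.exe|2210",
    "2020-06-01 03:12:13|5|C:\\Program Files\\Microsoft SQL Server\\MSSQL\\Binn\\sqlservr.exe|1764",
]

if __name__ == "__main__":
    for when, names in detect_kill_sweep(SAMPLE_LOG):
        print(f"{when:%Y-%m-%d %H:%M:%S} possible kill sweep: {', '.join(names)}")
```

Sysmon's termination event does not record which process did the killing, so this rule keys on the pattern rather than the actor; pair the alert with the Event ID 1 (ProcessCreate) records from the same minute to find the binary that appeared just before the sweep. Tune the threshold to the host: a historian that restarts its own services nightly needs a maintenance-window exclusion or a higher threshold, while an HMI that should never see more than one exit a month can alert on two.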

The bad guys are going for the proverbial throat: they want to shut you down completely to improve their chances of taking home a hefty ransom. A layered defense is the best strategy to protect the organization from what can be a complete operational disaster.

Ransomware Has Gone Nuclear, How Can You Avoid Becoming The Next Victim?

There is a reason more than half of today's ransomware victims end up paying the ransom. Cyber-criminals have become thoughtful, taking time to maximize your organization's potential damage and their payoff.

After achieving root access, the bad guys explore your network, reading email and finding data troves, and once they know you, they craft a plan to cause the most panic, pain, and operational disruption. Ransomware has gone nuclear.

Join us for this webinar where Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, dives into:

  • Why data backups (even offline backups) won’t save you
  • Evolved threats from data-theft, credential leaks, and corporate impersonation
  • Why ransomware isn’t your real problem
  • How your end users can become your best, last line of defense
