The same way viruses within the body mutate themselves to continue their paths of destruction, another type of mutation should be on the radar of process control professionals.
Last week, Wired magazine published an article by Andy Greenberg titled “Mysterious new ransomware targets industrial control systems.” In the article, Greenberg explains EKANS, also known as Snake, which researchers at Sentinel One and Dragos say is specifically designed to target industrial control systems by killing software processes, encrypting data and holding it hostage.
Similar to other ransomware attacks, after encrypting the data, EKANS displays a note demanding payment for release of the data. But it doesn’t stop there.
Taking it a step further, EKANS terminates 64 software processes on victim computers, including those specific to industrial control systems, Greenberg reports.
“That allows it to then encrypt the data that those control system programs interact with. While crude compared to other malware purpose-built for industrial sabotage, that targeting can nonetheless break the software used to monitor infrastructure, like an oil firm’s pipelines or a factory’s robots,” he explains.
Greenberg reports that Dragos suspects the Megacortex ransomware that appeared last spring may be a predecessor to EKANS, and could have been developed by the same hackers.
Among their similarities is an additional step where the ransomware terminates data historian software, among other key control system software.
Those responsible for the ransomware have yet to be identified, but experts speculate that it’s possible that actual cybercriminals are responsible, rather than state-sponsored hackers, Greenberg reports.
