UPDATED 22:36 EST / JANUARY 08 2020

SECURITY

Newly detected Snake ransomware targets all connected devices

A newly detected form of ransomware not only targets networks but, after a successful infection, also encrypts all connected devices.

“Snake” ransomware was first detected by security researchers at MalwareHunterTeam last week and detailed by “ethical hacker” Vitali Kremez, who reverse-engineered it. Kremez describes Snake as containing a higher level of obfuscation than is typical of previous forms of ransomware.

Snake removes a targeted computer’s Shadow Volume Copies and then kills numerous processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software and more. It then proceeds to encrypt the files across all connected devices.

Once Snake completes its encryption task, it drops a ransom note titled “Fix-Your-Files.txt” in the C:\Users\Public\Desktop folder, along with details of the files it has encrypted. The note naturally includes an email address along with a ransom demand. If the ransom is paid, targeted victims are promised a decryption tool in return.

The ransomware “specifically targets the entire network rather than individual workstations,” Bleeping Computer reported Wednesday. “They further indicate that any decryptor that is purchased will be for the network and not individual machines, but it is too soon to tell if they would make an exception.”

Ransomware is far from new, but Snake is arguably a serious escalation on what has come before.

“Ransomware has proven to be very lucrative for cybercriminals and it appears some of their ill-gotten gains have funded advancements in ransomware tools,” Javvad Malik, security awareness advocate at security awareness training firm KnowBe4 Inc., told SiliconANGLE. “The Snake ransomware is one such example where criminals are trying to cause extra disruption by attempting to encrypt the entire network.”

Malik said organizations should focus on the root cause of how ransomware enters the network. “This is primarily through social engineering (mainly phishing), or by exploiting unpatched public-facing software,” he said. “So if they place resources into addressing these entry points, it is more likely they will prevent ransomware and many other attack techniques.”
