UPDATED 22:36 EST / JANUARY 08 2020

SECURITY

Newly detected Snake ransomware targets all connected devices

A newly detected form of ransomware is not only targeting networks but in the case of a successful infection also encrypts all connected devices.

“Snake” ransomware was first detected by security researchers at MalwareHunterTeam last week and detailed by “ethical hacker” Vitali Kremez to reverse-engineer it. Kremez describes Snake as containing a higher level of obfuscation than is typical of previous forms of ransomware.

Snake removes a targeted computer’s Shadow Volume Copies and then kills numerous processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software and more. It then proceeds to encrypt the files across all connected devices.

Once Snake completes its encryption task, it then drops a ransom note entitled “Fix-Your-Files.txt” in the C:UsersPublicDesktop folder along with details of the files it has encrypted. The note naturally includes an email address along with ransom demand. If the ransom is paid, targeted victims are promised a decryption tool in return.

The ransomware “specifically targets the entire network rather than individual workstations,” Bleeping Computer reported Wednesday. “They further indicate that any decryptor that is purchased will be for the network and not individual machines, but it is too soon to tell if they would make an exception.”

Ransomware is far from new, but Snake is arguably a serious escalation on what has come before.

“Ransomware has proven to be very lucrative for cybercriminals and it appears some of their ill-gotten gains have funded advancements in ransomware tools,” Javvad Malik, security awareness advocate at security awareness training firm KnowBe4 Inc., told SiliconANGLE. “The Snake ransomware is one such example where criminals are trying to cause extra disruption by attempting to encrypt the entire network.”

Malik said organizations should focus on the root cause of how ransomware enters the network. “This is primarily through social engineering (mainly phishing), or by exploiting unpatched public-facing software,” he said. “So if they place resources into addressing these entry points, it is more likely they will prevent ransomware and many other attack techniques.”

Photo: Pixabay

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU