Newly detected Snake ransomware targets all connected devices
A newly detected form of ransomware not only targets networks but, in the case of a successful infection, also encrypts all connected devices.
“Snake” ransomware was first detected by security researchers at MalwareHunterTeam last week and detailed by “ethical hacker” Vitali Kremez, who reverse-engineered it. Kremez describes Snake as containing a higher level of obfuscation than is typical of previous forms of ransomware.
Snake removes a targeted computer’s Shadow Volume Copies and then kills numerous processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software and more. It then proceeds to encrypt the files across all connected devices.
Once Snake completes its encryption task, it drops a ransom note entitled “Fix-Your-Files.txt” in the C:\Users\Public\Desktop folder along with details of the files it has encrypted. The note naturally includes an email address along with a ransom demand. If the ransom is paid, targeted victims are promised a decryption tool in return.
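The behavior chain described above (shadow copy removal, a burst of process kills, then the ransom note on the public desktop) can be turned into a per-host triage check. The following Python is an added example, not code from the researchers or from the original report; the event format, host names, kill threshold and shadow-copy command patterns are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Ransom note name and folder as given in the article (compared case-insensitively).
NOTE_PATH = r"c:\users\public\desktop\fix-your-files.txt"
# Assumption: the article does not say how the shadow copies are removed; these
# are two common deletion commands a defender would watch for.
SHADOW_RE = re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|shadowcopy\s+delete", re.I)
KILL_BURST = 5  # assumed threshold of process terminations seen before the note

# Constructed sample events: (host, event_type, detail), already in time order.
SAMPLE_EVENTS = [
    ("hmi-01", "proc_start", "vssadmin.exe delete shadows /all /quiet"),
    *[("hmi-01", "proc_kill", f"service{i}.exe") for i in range(6)],
    ("hmi-01", "file_create", r"C:\Users\Public\Desktop\Fix-Your-Files.txt"),
    ("ws-17", "proc_kill", "notepad.exe"),
    ("ws-17", "file_create", r"C:\Users\alice\Desktop\notes.txt"),
    ("srv-02", "proc_start", "vssadmin.exe list shadows"),
    ("srv-02", "file_create", r"C:\Users\Public\Desktop\Fix-Your-Files.txt"),
]

def triage(events):
    """Return {host: (severity, [stages seen])} for hosts showing any stage."""
    state = defaultdict(lambda: {"shadow": False, "kills": 0, "note": False})
    for host, etype, detail in events:
        s = state[host]
        if etype == "proc_start" and SHADOW_RE.search(detail):
            s["shadow"] = True
        elif etype == "proc_kill" and not s["note"]:
            s["kills"] += 1
        elif etype == "file_create" and detail.lower() == NOTE_PATH:
            s["note"] = True
    findings = {}
    for host, s in state.items():
        stages = [name for name, hit in (
            ("shadow_copy_deletion", s["shadow"]),
            ("process_kill_burst", s["kills"] >= KILL_BURST),
            ("ransom_note", s["note"]),
        ) if hit]
        if stages:
            # The note is dropped after encryption completes; earlier stages
            # alone mark the window in which isolating the host still helps.
            findings[host] = ("encrypted" if s["note"] else "in_progress", stages)
    return findings

if __name__ == "__main__":
    for host, (severity, stages) in triage(SAMPLE_EVENTS).items():
        print(host, severity, ", ".join(stages))
```
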
The ransomware “specifically targets the entire network rather than individual workstations,” Bleeping Computer reported Wednesday. “They further indicate that any decryptor that is purchased will be for the network and not individual machines, but it is too soon to tell if they would make an exception.”
Ransomware is far from new, but Snake is arguably a serious escalation on what has come before.
“Ransomware has proven to be very lucrative for cybercriminals and it appears some of their ill-gotten gains have funded advancements in ransomware tools,” Javvad Malik, security awareness advocate at security awareness training firm KnowBe4 Inc., told SiliconANGLE. “The Snake ransomware is one such example where criminals are trying to cause extra disruption by attempting to encrypt the entire network.”
Malik said organizations should focus on the root cause of how ransomware enters the network. “This is primarily through social engineering (mainly phishing), or by exploiting unpatched public-facing software,” he said. “So if they place resources into addressing these entry points, it is more likely they will prevent ransomware and many other attack techniques.”