A concerning evolution in ransomware is starting to take shape. Recently, researchers have started to warn against “EKANS,” also known as Snake, a type of ransomware that specifically targets industrial control systems (ICS). EKANS first emerged in December 2019, when it was found to be capable of compromising Windows systems used in industrial environments. It is the second instance of file-encrypting malware designed specifically to target the software used in oil refineries and manufacturing facilities.
How does EKANS work?
EKANS encrypts files (which are then renamed with a random five-character file extension) and blocks access until the user pays a cryptocurrency ransom. In order to deploy the ransomware, the attackers behind EKANS first compromise the network using a hands-on method of attack.
When did it all begin?
According to Dragos, another ransomware strain that first appeared in the spring of 2019 included similar ICS-killing features. Known as Megacortex, this malware was thought to be a possible predecessor to EKANS developed by the same hackers. However, researchers have concluded that EKANS looks to be “a unique and specific risk to industrial operations not previously observed in ransomware malware operations.”
What will keep your ICS safe against EKANS?
Researchers suggest that, to protect against ransomware attacks, industrial control systems should be segmented from the rest of the network. That way, even if a standard Windows machine is compromised, a cybercriminal does not have access to the systems that control infrastructure. Some of the best ways to protect your company from becoming a victim of EKANS are to:
- Ensure that systems are regularly backed up and that the backups are stored offline. For ICS operations specifically, backups must include the last-known-good configuration data to ensure an easy recovery.
- Segment networks
- Improve access and authentication mechanisms
- Increase visibility into industrial networks to identify attacks before they reach their conclusion
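One way to act on the visibility recommendation, using the rename behavior described above: this is an added example, not code from Dragos or from the original article, that flags hosts producing a burst of renames to unfamiliar five-character extensions. The event layout, host names, allowlist, time window and threshold are all assumptions; the events would come from whatever file-audit telemetry you already collect.

```python
import ntpath
from collections import defaultdict, deque

# Legitimate five-character extensions to ignore (assumed allowlist; extend per site).
KNOWN_EXTENSIONS = {"accdb", "class", "xhtml", "shtml", "plist"}

def extension(path):
    """Return the extension of a Windows path without the leading dot."""
    return ntpath.splitext(path)[1].lstrip(".")

def is_suspicious_rename(old_path, new_path):
    """True when a rename yields an unfamiliar five-character alphanumeric extension."""
    new_ext = extension(new_path)
    return (len(new_ext) == 5 and new_ext.isascii() and new_ext.isalnum()
            and new_ext.lower() not in KNOWN_EXTENSIONS
            and new_ext != extension(old_path))

def flag_hosts(events, window=60, threshold=5):
    """Map each host to the time it first reached `threshold` suspicious
    renames inside a sliding `window` of seconds."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, host, old_path, new_path in sorted(events):
        if not is_suspicious_rename(old_path, new_path):
            continue
        times = recent[host]
        times.append(ts)
        while ts - times[0] > window:   # drop renames that fell out of the window
            times.popleft()
        if len(times) >= threshold:
            flagged.setdefault(host, ts)
    return flagged

# Constructed sample events: (epoch seconds, host, old path, new path).
SAMPLE_EVENTS = [
    (1000 + i, "HMI-01", rf"C:\proj\line{i}.cfg", rf"C:\proj\line{i}.{ext}")
    for i, ext in enumerate(["qXbTz", "LmPwa", "RtYuc", "aBnMk", "ZxCvq", "hJkLs"])
] + [
    (1002, "ENG-02", r"C:\docs\page.htm", r"C:\docs\page.xhtml"),    # allowlisted
    (1003, "ENG-02", r"C:\docs\notes.doc", r"C:\docs\notes.docx"),   # four characters
    (5000, "ENG-02", r"C:\docs\a.txt", r"C:\docs\a.kQwEr"),          # single event, no burst
]

if __name__ == "__main__":
    for host, ts in flag_hosts(SAMPLE_EVENTS).items():
        print(f"{host}: rename burst reached threshold at t={ts}")
```

A single odd rename never raises a flag; only a burst on one host does, which keeps the check usable on engineering workstations where unusual file types are normal.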
Researchers are concerned about EKANS and the growing forms of ICS-targeting ransomware, but by taking necessary precautions, you can protect against this devious ransomware.
At MDL Technology, your company’s security is our number one concern. By offering services such as 24/7 support, network monitoring, offsite data backups, auditing and compliance and more, we help ensure that you don’t need to stress about your team’s private information becoming public. Learn more about the services we offer by visiting our website.