A newly detected form of ransomware not only targets networks but, following a successful infection, also encrypts all connected devices.
“Snake” ransomware was first detected by security researchers at MalwareHunterTeam last week and detailed by “ethical hacker” Vitali Kremez, who reverse-engineered it. Kremez describes Snake as containing a higher level of obfuscation than is typical of previous forms of ransomware.
Snake removes a targeted computer’s Shadow Volume Copies and then kills numerous processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software and more. It then proceeds to encrypt the files across all connected devices.
Once Snake completes its encryption task, it drops a ransom note entitled “Fix-Your-Files.txt” in the C:\Users\Public\Desktop folder along with details of the files it has encrypted. The note naturally includes an email address along with a ransom demand. If the ransom is paid, targeted victims are promised a decryption tool in return.
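The sequence described above (shadow copies removed, then ICS, VM and remote-management processes killed before encryption) is the kind of behaviour a defender can correlate in process-creation telemetry. The following is an added example, not code from the article or from any of the researchers it cites: it runs a simple correlation over constructed Sysmon-style events. The shadow-copy commands (vssadmin, wmic) and the process watchlist are assumptions for illustration; the article does not say which commands or process names Snake uses.

```python
import re
from collections import defaultdict

# Constructed process-creation events: (host, timestamp in seconds, parent image, command line).
# Sample values written for this example, not telemetry from the article.
SAMPLE_EVENTS = [
    ("ws01", 100, "explorer.exe", "C:\\Windows\\System32\\notepad.exe report.txt"),
    ("ws01", 110, "update.exe", "vssadmin.exe delete shadows /all /quiet"),
    ("ws01", 112, "update.exe", "taskkill.exe /F /IM hmiserver.exe"),
    ("ws01", 113, "update.exe", "taskkill.exe /F /IM vmwp.exe"),
    ("ws01", 114, "update.exe", "taskkill.exe /F /IM teamviewer.exe"),
    ("srv02", 200, "backup.exe", "vssadmin.exe delete shadows /all /quiet"),  # legitimate backup housekeeping
    ("ws03", 300, "cmd.exe", "taskkill.exe /F /IM chrome.exe"),                # kill of a non-watchlisted process
]

# Assumed shadow-copy removal commands; the article does not state which one Snake uses.
SHADOW_DELETE = re.compile(r"(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)", re.I)
# Assumed watchlist standing in for the categories the article lists (SCADA/ICS, VMs, remote management).
WATCHLIST = {"hmiserver.exe", "scadaserver.exe", "vmwp.exe", "vmware-vmx.exe", "teamviewer.exe"}
KILL_CMD = re.compile(r"taskkill(\.exe)?\s+.*?/IM\s+(\S+)", re.I)


def detect_snake_like(events, window=60, min_kills=2):
    """Return one alert per host where a shadow-copy deletion is followed, within
    `window` seconds, by force-termination of at least `min_kills` watchlisted processes.
    Requiring both stages keeps a lone vssadmin run (e.g. a backup job) from alerting."""
    by_host = defaultdict(list)
    for host, ts, parent, cmd in events:
        by_host[host].append((ts, parent, cmd))
    alerts = []
    for host, evs in by_host.items():
        evs.sort()
        for ts, parent, cmd in evs:
            if not SHADOW_DELETE.search(cmd):
                continue
            kills = []
            for ts2, _parent2, cmd2 in evs:
                if ts <= ts2 <= ts + window:
                    m = KILL_CMD.search(cmd2)
                    if m and m.group(2).lower() in WATCHLIST:
                        kills.append(m.group(2).lower())
            if len(kills) >= min_kills:
                alerts.append({"host": host, "parent": parent,
                               "shadow_delete_at": ts, "killed": sorted(kills)})
    return alerts


if __name__ == "__main__":
    for alert in detect_snake_like(SAMPLE_EVENTS):
        print(alert)
```

Only ws01 is flagged: srv02 deletes shadow copies without the follow-on process kills, and ws03 kills a process outside the watchlist.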
The ransomware “specifically targets the entire network rather than individual workstations,” Bleeping Computer reported Wednesday. “They further indicate that any decryptor that is purchased will be for the network and not individual machines, but it is too soon to tell if they would make an exception.”
Ransomware is far from new, but Snake is arguably a serious escalation on what has come before.
“Ransomware has proven to be very lucrative for cyber criminals and it appears some of their ill-gotten gains have funded advancements in ransomware tools,” Javvad Malik, security awareness advocate at security awareness training firm KnowBe4 Inc., told SiliconANGLE. “The Snake ransomware is one such example where criminals are trying to cause extra disruption by attempting to encrypt the entire network.”
Malik said organizations should focus on the root cause of how ransomware enters the network. “This is primarily through social engineering (mainly phishing), or by exploiting unpatched public-facing software,” he said. “So, if they place resources into addressing these entry points, it is more likely they will prevent ransomware and many other attack techniques.”