Briefly Known
Targeting enterprises is also known as "big game hunting", because it rewards attackers with a single large payment rather than the small ransoms they can collect from individuals. This new ransomware has barely been studied so far: hardly anyone is known to have been affected by it, and no in-depth analysis has been published yet. It was first noted by MalwareHunterTeam, whose researchers shared their discovery with Vitali Kremez, an ethical hacker, to reverse engineer it and work out how the malware operates. While that analysis is still under way, here is what BleepingComputer said about it.

The Snake ransomware infiltrates the network, removes the computer's Shadow Volume Copies and then kills numerous processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software, and more. After that, the malware proceeds to encrypt sensitive data files, skipping system files within the Recycle Bin, ProgramData, Program Files, Local Settings, Recovery and AppData. Each encrypted file is then renamed with additional letters and a number appended. Opening an infected file in an editor shows its contents, with the EKANS marker set at the end of each file. EKANS is SNAKE reversed, the group's name.

Further findings reveal that the ransomware infection only happens at a time of the attacker's choosing, which most likely means after hours spent compromising the network. As usual, a ransom note is left somewhere for the victim to find, so they can reach out and pay. Here, the note was found in the C:\Users\Public\Desktop folder with the title Fix-Your-Files.txt. The warnings are the usual ones, asking the victim to contact the attacker ([email protected]) for the decryption key that will unlock all the encrypted files so they can be used again.

Source – BleepingComputer
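The two artefacts the post names, the EKANS marker at the end of every encrypted file and the Fix-Your-Files.txt ransom note, are enough to build a first triage scan. The following is an added example written for this page, not code from BleepingComputer or from the researchers mentioned; the sample tree it scans is constructed, and the tail size and the appended extension on the sample file are assumptions.

```python
import os
import tempfile
from pathlib import Path
from typing import Dict, List

# Marker the post reports at the end of every EKANS-encrypted file.
EKANS_MARKER = b"EKANS"
# Ransom note file name reported in the post.
RANSOM_NOTE = "Fix-Your-Files.txt"
# Assumption: the marker sits in the final bytes, so reading a short tail is enough.
TAIL_BYTES = 64


def tail_has_marker(data: bytes) -> bool:
    """True if the byte sequence ends with the EKANS marker."""
    return data.endswith(EKANS_MARKER)


def file_has_marker(path: Path) -> bool:
    """Read only the tail of a file and check it for the marker."""
    size = path.stat().st_size
    if size < len(EKANS_MARKER):
        return False
    with path.open("rb") as fh:
        fh.seek(max(0, size - TAIL_BYTES))
        return tail_has_marker(fh.read())


def scan_tree(root: Path) -> Dict[str, List[str]]:
    """Walk root; collect marked files and any ransom notes found."""
    findings: Dict[str, List[str]] = {"encrypted": [], "ransom_notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                if name == RANSOM_NOTE:
                    findings["ransom_notes"].append(str(p))
                elif file_has_marker(p):
                    findings["encrypted"].append(str(p))
            except OSError:
                continue  # locked or unreadable file: skip it rather than abort triage
    return findings


def demo() -> Dict[str, int]:
    """Build a constructed sample tree (not real malware output) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Users" / "Public" / "Desktop").mkdir(parents=True)
        (root / "docs").mkdir()
        # Constructed: random bytes plus the trailing marker, with an assumed appended extension.
        (root / "docs" / "report.docx.abc12").write_bytes(os.urandom(128) + EKANS_MARKER)
        (root / "docs" / "notes.txt").write_bytes(b"quarterly notes\n")  # constructed, untouched
        (root / "Users" / "Public" / "Desktop" / RANSOM_NOTE).write_text("constructed note")
        found = scan_tree(root)
        return {"encrypted": len(found["encrypted"]), "ransom_notes": len(found["ransom_notes"])}


if __name__ == "__main__":
    print(demo())
```

A trailing "EKANS" on its own is a weak signal (an unrelated file can end with those bytes), so treat marker hits as candidates to confirm against the renamed extension and the presence of the note, not as proof of infection.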