Ransomware continues to be a very active, always evolving threat. One of the newest strains to emerge is Snake (also known as EKANS, which is simply “Snake” spelled backward).
First appearing at the end of December last year, the most interesting feature of Snake is that it targets industrial control systems (ICS) environments – not the individual machines, but the entire network.
The obfuscated ransomware sample, which was written in the Go programming language, was first observed in commercial malware repositories. It is designed to terminate specific processes on victim machines, including multiple items related to ICS operations, as well as delete Volume Shadow Copies to eliminate Window backups.
While there is currently no decryption available, systems that are running Acronis Active Protection – the AI-based anti-malware defense that is integrated into our cyber protection solutions – successfully detects Snake ransomware as a zero-day attack and stops it in its tracks.