SNAKE Ransomware is targeting business networks


The SNAKE is a new ransomware which is terrifying enterprises worldwide along with most popular ransomware families such as Ryuk, Maze, Sodinokibi, LockerGoga, BitPaymer, DoppelPaymer, MegaCortex, LockerGoga.

The trend is that the criminal organizations targets enterprises rather than single users, using the above-mentioned malware to maximize their profits.

The researchers from MalwareHunterTeam has first detected the Snake Ransomware last week and analyzed it with the support of the popular malware analysts Vitali Kremez.

The ransomware is written in Golang and is heavily confusing and it is designed to target the entire network rather than individual computers or servers.

Kremez, Head of SentinelLabs stated that the ransomware contains a level of routine obfuscation not previously and typically seen coupled with the targeted approach.

Similar to other ransomware, on execution Snake will remove the computer’s Shadow Volume Copies, it also kills numerous processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software etc.

After that the malware encrypts the files on the system, skipping Windows system files and folders. The SNAKE ransomware appends a ransom 5-character string to the files extension.

According to experts, the malware appends the ‘EKANS‘ file marker to each encrypted file.

On testing, it was found that it took Snake particularly long time to encrypt small test box compared to many other ransomware infections.

Since this is a targeted ransomware which is executed at the time of the attacker’s choosing, this may not be that much of a problem as the encryption will most likely occur after hours.

Once the encryption process is completed the ransomware will create a ransom note (named ‘Fix-Your-Files.txt’) in the C:\Users\Public\Desktop folder that contains the email address ([email protected]) to contact to receive the payment instructions.

It was also found that the gang is offering the decryptor for the entire network and not individual machines.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    Minnesota Hospital Breach exposed medical info of 50 K

    Previous article

    City of Las Vegas hit by a Cyber attack

    Next article

    You may also like

    More in Ransomware


    Leave a reply

    Your email address will not be published. Required fields are marked *