In the last five years, ransomware has become one of the worst threats to factories, hospitals and local governments; towns and school districts all over the world have been shut down by it. More recently, researchers have found ransomware doing something potentially more sinister: deliberately interfering with industrial control systems (ICS), the systems that dams, gas and electrical grids and refineries rely on to keep equipment running safely.
Ransomware has always been a security threat, but the disruption it caused was confined to the IT infrastructure inside targeted networks, unless the ransomware jumped into the ICS networks, which are usually segregated and hardened.
Monday's report characterized Ekans's ICS focus as minimal and crude, because the malware simply terminates various processes spawned by widely used ICS software. That is a key difference from the ICS-targeting malware uncovered in earlier years, which went on to do far more severe damage.
Industroyer, Trisis and the others carried code that surgically and painstakingly controlled, mapped or disabled specific sensitive functions at the critical infrastructure sites they attacked. By comparison, Ekans and MegaCortex simply kill the processes that ICS software spawns. The consequences for the safety of operations inside infected systems would be limited to whatever effects killing those processes has.
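The behaviour described above, a single image terminating several ICS-related processes within seconds, is something a defender can look for on the host. The script below is an added example and is not code from Dragos, from Ekans or from the report; the process names and the termination log records in it are constructed for illustration, and the watch list is a stand-in, not the malware's actual hard-coded list. It scans process-termination events (the kind a Windows security log or Sysmon feed would produce) and flags any initiating process that kills several watched processes inside a short window, while ignoring an isolated restart by the service manager.

```python
"""Detect an Ekans-style burst of ICS process terminations.

Added example for this article, not code from the Dragos report or from the
malware itself. All process names and events below are constructed; the
watch list is an assumed stand-in and not Ekans's real kill list.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical ICS-related process images a site would want to watch
# (assumption for the example; a real list comes from the site's own HMI,
# historian and OPC deployments).
ICS_WATCH_LIST = {
    "hmi_server.exe",
    "historian_svc.exe",
    "opc_gateway.exe",
    "scada_runtime.exe",
}

# Constructed process-termination records:
# (ISO timestamp, terminated image, image that initiated the termination)
SAMPLE_EVENTS = [
    ("2020-02-03T10:00:00", "notepad.exe", "explorer.exe"),       # unrelated
    ("2020-02-03T10:00:05", "hmi_server.exe", "update.exe"),      # burst starts
    ("2020-02-03T10:00:06", "historian_svc.exe", "update.exe"),
    ("2020-02-03T10:00:06", "opc_gateway.exe", "update.exe"),
    ("2020-02-03T10:00:07", "scada_runtime.exe", "update.exe"),
    ("2020-02-03T10:15:00", "hmi_server.exe", "services.exe"),    # lone restart, benign
]


def detect_kill_bursts(events, watch_list=ICS_WATCH_LIST,
                       window_seconds=30, threshold=3):
    """Return [(initiating_image, [terminated images])] for every initiating
    process that terminated at least `threshold` watched processes within
    `window_seconds`. A single termination never alerts, so routine service
    restarts do not trip the check."""
    window = timedelta(seconds=window_seconds)
    by_initiator = defaultdict(list)
    for ts, image, initiator in events:
        image = image.lower()
        if image in watch_list:
            by_initiator[initiator.lower()].append((datetime.fromisoformat(ts), image))

    alerts = []
    for initiator, hits in by_initiator.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window so hits[start..end] all fall within window_seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                # Report every watched process killed inside the window that
                # begins at the first hit of the burst.
                group = sorted({img for t, img in hits
                                if hits[start][0] <= t <= hits[start][0] + window})
                alerts.append((initiator, group))
                break
    return alerts


if __name__ == "__main__":
    for initiator, killed in detect_kill_bursts(SAMPLE_EVENTS):
        print(f"ALERT: {initiator} terminated {len(killed)} ICS processes: {', '.join(killed)}")
```

The threshold and window are deliberately conservative: an operator restarting one HMI, or the service manager recycling a single process, produces one termination and no alert, whereas a process-killing routine that walks a list produces several within seconds from the same image. Tune both values against a site's own baseline of legitimate restarts before relying on the check.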
Another reason Dragos considers Ekans a "relatively primitive attack" is that it has no mechanism for spreading itself. That makes Ekans much less of a threat than ransomware like Ryuk, which quietly harvests passwords from compromised machines for months so that it can propagate freely across most of a targeted network.
A recent report on Ekans, also known as Snake, attributed it to Iran. The security firm Otorio based that finding on parallels with previously known Iranian malware and operations. Researchers from Dragos said the company "finds that such a link, on the basis of the evidence, is incredibly tenuous."
Despite its lack of sophistication and the absence of any established link to a nation state, Ekans deserves serious attention from organizations that run ICS operations.