Ransomware called Ekans (also known as Snake) first appeared in December 2019 and targets industrial control systems (ICS).
Since its first appearance, researchers from various security agencies have been analyzing Ekans and have reportedly found that it can stop many application processes related to the operation of ICS.
In this regard, researchers from Dragos said: “While Dragos cannot completely rule out the possibility of state-sponsored use, available evidence more strongly links this to non-state actors, including criminal entities. As a result, this could be sold in criminal or related markets for use by other entities, as observed in other ransomware families.”
According to Dragos researchers, the malware cannot propagate on its own; it relies on an attacker to launch it interactively or via a script. As a result, it is currently less destructive than most ransomware, because hackers must maintain access to users of the system throughout the attack.
Researchers believe the malware is Iran-sponsored. At the same time, Ekans appears similar to the second version of the MegaCortex ransomware, which also carries a list of commands and processes associated with a number of ICS-specific functions that it aims to stop during a ransomware attack.