What Is SNAKE Ransomware?
Snake ransomware is the first malware threat that has been created in 2020. We are only 9 days in and hackers are already creating new ways to extort businesses!
Snake ransomware is not targeting specific computers on a company’s network. The criminals behind it are targeting ALL computers on a network. They are using a technique called enterprise targeting.
According to bleepingcomputer.com, this targeting method is used to break into a network, harvest administrator credentials, and then encrypt the files on every computer within the network. This is detrimental for any business, no matter the size. WannaCry ransomware is another malware that uses enterprise targeting.
Snake is written in Golang. Golang (also called Go), according to geeksforgeeks.org, is an open source programming language that was launched in 2009.
Ransomware is software that denies you access to your files or computer until you pay a ransom. In 2019 ransomware attacks accounted for almost a quarter of all malware breaches! If you would like to find out how to prevent ransomware, read our related post.
How It Works
A blog post by Bleeping Computer describes how Snake ransomware works.
“It starts by removing the computer’s Shadow Volume Copies and then kills numerous processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software, and more.”
According to Howtogeek.com, shadow copies are file changes made on a computer, recorded by a Windows crawler, that are indexed and stacked on top of each other in a folder.
SCADA stands for Supervisory Control and Data Acquisition. These systems are “used to monitor and control a plant or equipment in industries such as telecommunications, water and waste control, energy, oil and gas refining and transportation.” – webopedia.com
You can imagine how detrimental removing an organization’s shadow copies and disabling their SCADA systems would be. They would have no record of their file changes and their critical monitoring systems would be down!
After this destruction, Snake encrypts the files on the computer, just like most ransomware programs do. Tripwire states, “As part of this process, it appends ‘EKANS’ as a file marker along with a five-character string to the file extension of each file it encrypts.” Ekans is “snake” spelled backwards and the name of a creature from the popular Pokémon game series.
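A triage check built on the two indicators quoted above (the "EKANS" file marker and the lengthened file extension), as an added example that is not from this post or the sources it cites. It assumes the marker sits at the very end of an encrypted file and that the five extra characters are ASCII letters; the sample files are constructed.

```python
import os
import re
import tempfile

MARKER = b"EKANS"  # file marker named in the Tripwire quote
# Assumption: the five extra characters are ASCII letters glued onto the extension.
EXT_RE = re.compile(r"\.[A-Za-z0-9]+[A-Za-z]{5}$")

def has_marker(path, marker=MARKER):
    """True if the file's last bytes equal the marker (assumed to sit at end of file)."""
    if os.path.getsize(path) < len(marker):
        return False  # a negative seek past the start would raise OSError
    with open(path, "rb") as fh:
        fh.seek(-len(marker), os.SEEK_END)
        return fh.read() == marker

def triage(root):
    """Walk root and bucket marked files by whether the name also fits EXT_RE."""
    result = {"confirmed": [], "marker_only": [], "errors": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                marked = has_marker(path)
            except OSError as exc:  # locked or unreadable files on a live host
                result["errors"].append((rel, str(exc)))
                continue
            if marked:
                result["confirmed" if EXT_RE.search(name) else "marker_only"].append(rel)
    return result

def demo():  # builds constructed sample files; no real ransomware output involved
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "budget.xlsxQwErT": b"\x00" * 32 + MARKER,  # marker + lengthened extension
            "notes.txt": b"plain text about EKANS\n",    # marker not at end of file
            "pokedex.bin": b"\x01\x02" + MARKER,         # marker, ordinary extension
            "tiny": b"EK",                               # shorter than the marker
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

Files in the "marker_only" bucket deserve a manual look before being counted as encrypted, since the extension pattern alone also matches ordinary names with long extensions.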
What If You Get Attacked by Snake?
The ransom note states that you can send 3 files over that don’t contain databases or spreadsheets and the hackers will decrypt them for free. This doesn’t mean that they will give up their decryption key after you pay the ransom. They stole your files in the first place; there is no guarantee they will have a change of heart and return them. Unfortunately, no public decryption key exists yet.
The best defense against Snake ransomware is to have strong cybersecurity practices in place, multiple backups on and off site, and to incorporate cybersecurity education into your company’s culture.