Pierluigi Paganini
May 07, 2020
The operators behind the Snake Ransomware have launched a new campaign that targeted companies worldwide and that infected at least one organization in the healthcare industry over the last few days.
In January experts observed a new wave of attacks that targeted organizations worldwide, experts from SentinelOne also discovered Snake Ransomware that was targeting processes and files associated with industrial control systems (ICS).
The activity of the gang was relatively quiet during the COVID-19 outbreak since May 4, when the ransomware operators launched a massive campaign that targeted organizations worldwide.
The spike in the attack associated with this specific threat is confirmed by data shared by the ransomware identification site ID Ransomware that demonstrates a massive jump in submissions to the service.
“Starting on May 4th, ransomware identification site, ID Ransomware, showed a massive jump in submissions after seeing a few here and there over the last couple of months.” reported BleepingComputer.
Snake Ransomware is suspected to have been employed in a ransomware attack that hit Fresenius Group, Europe’s largest hospital provider.
“Fresenius, Europe’s largest private hospital operator and a major provider of dialysis products and services that are in such high demand thanks to the COVID-19 pandemic, has been hit in a ransomware cyber attack on its technology systems. The company said the incident has limited some of its operations, but that patient care continues,” reported the popular investigator Brian Krebs.
Fresenius provides products and services for dialysis, hospitals, and inpatient and outpatient care, the products of the company are very important to cure patients affected by COVID-19 because many of them face kidney failure.
According to Krebs, this isn’t the first ransomware attack suffered by Fresenius, the company already paid $1.5 million to resume operations after a previous ransomware infection.
Snake ransomware operators, like other ones, also steal unencrypted files before encrypting the infected systems, then they threaten the victims to release the data if they don’t pay the ransom.
“As noted by MalwareHunterTeam, the ransom note named ‘Decrypt-Your-Files.txt’ from this week’s attacks, the Snake operators have added text stating that they will publish stolen databases and document if not paid within 48 hours.” reported BleepingComputer.
Please vote Security Affairs for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS
https://docs.google.com/forms/d/e/1FAIpQLSe8AkYMfAAwJ4JZzYRm8GfsJCDON8q83C9_wu5u10sNAt_CcA/viewform
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – Facebook, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
