The SNAKE is a new ransomware that is threatening enterprises worldwide along with most popular ransomware families such as Ryuk, Maze, Sodinokibi, LockerGoga, BitPaymer, DoppelPaymer, MegaCortex, LockerGoga.
The scary trend sees criminal organizations targeting enterprises, instead of single users, using the above malware to maximize their profits.
The ransomware is written in Golang and is heavily obfuscated, it is designed to target the entire network rather than individual computers or servers.
Like other ransomware, upon execution Snake will remove the computer’s Shadow Volume Copies, it
Then the malware encrypts the files on the system, skipping Windows system files and folders. The SNAKE ransomware appends a ransom 5 character string to the
The experts noticed that the malware appends the ‘EKANS‘ file marker to each encrypted file.
“As this is targeted ransomware that is executed at the time of the attacker’s choosing, this may not be that much of a problem as the encryption will most likely occur after hours.”
Once the encryption process is completed the ransomware will create a ransom note (named ‘Fix-Your-Files.txt’) in the C:\Users\Public\Desktop folder that contains the email address (firstname.lastname@example.org)
Technical details, including IoCs, are reported in the analysis published by BleepingComputer.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.