Lately, it seems that malicious actors have turned their ransomware attacks toward industrial control systems (ICS). Security researchers say that file-encrypting malware infecting the computer networks that control functions in manufacturing environments and utility applications is something that has only recently been observed.
Of course, some malware has targeted ICS in the past. But the researchers concluded that Ekans appears to be the work of a government criminal group involved in the site and that it represents "a unique and specific risk to industrial businesses not previously observed in malware ransomware."
Researchers have found that Ekans contains a list of commands and processes related to various industrial control system functions, designed to disrupt those functions.
The attackers behind Ekans may need to infect the network before executing the ransomware attack. This is the same procedure followed by ransomware variants such as Ryuk and Megacortex. Dragos's reports also note that Ekans may be related to the Megacortex ransomware.
Some reports have linked Ekans to Iran, but after analyzing the malware, Dragos concluded that there is no "strong or unambiguous evidence" linking this campaign to Iran's strategic interests.
At present, it is not certain how Ekans is distributed to victims. To protect against ransomware attacks, it is recommended to isolate ICS systems from the rest of the network, so that even if a standard Windows machine is compromised, an attacker will not be able to move on to the systems that control infrastructure.
Organizations should also ensure that they keep backups that are stored offline. Backups must include the latest known configuration data to ensure fast recovery.