Saturday, July 11, 05:49

Industrial control systems are the new target of Ransomware

Lately, it seems that malicious actors have turned their ransomware attacks on industrial control systems (ICS). Security researchers say that file-encrypting malware infecting the computer networks that control functions in manufacturing environments and utility applications is something that has only recently been observed.

According to the cybersecurity company Dragos, the ransomware called Ekans (also known as Snake) first appeared in December 2019 and is designed to attack Windows systems used in industrial environments.

Of course, there has also been malware targeting ICS in the past. But the researchers concluded that Ekans appears to be the work of a government criminal group involved in the site and that it represents "a unique and specific risk to industrial businesses not previously observed in malware ransomware."

Researchers have found that Ekans contains a list of commands and processes related to various industrial control system functions, intended to disrupt those functions.

The encrypted files are renamed with a random five-character file extension, and a ransom note appears with a contact email address for negotiating the amount with the victim.

The attackers behind Ekans may need to infect the network before executing the ransomware attack. This follows the same procedure as ransomware variants such as Ryuk and Megacortex. Dragos reports also note that Ekans may be related to the Megacortex ransomware.

Some reports have linked Ekans to Iran, but after analyzing the malware, Dragos concluded that there is no "strong or unambiguous evidence" linking this campaign to Iran's strategic interests.

At present it is not certain how Ekans is distributed to victims, but to protect against ransomware attacks, it is recommended to isolate ICS systems from the rest of the network, so that even if a standard Windows machine is compromised, an attacker will not be able to move to the systems that control infrastructure.

Organizations should also ensure that they keep backups that are stored offline. Backups must include the latest known configuration data to ensure fast recovery.


Absent Mia