Friday, January 15, 21:08

Snake Ransomware: isolates infected systems before encrypting them

Researchers from Deep Instinct recently discovered a new strain of the Snake ransomware, which isolates infected systems so that their files can be encrypted without interference.

In January, a new wave of attacks targeted companies. SentinelOne had also discovered that Snake ransomware targets processes and files related to industrial control systems (ICS).

The ransomware's creators did not take any action when the coronavirus began to spread; however, on May 4 a new operation was launched against large companies around the world.

Presumably, some of the victims of Snake ransomware are Fresenius Group, the largest hospital service provider in Europe, as well as the Japanese car manufacturer Honda.

Snake ransomware works by stopping certain processes, including those associated with ICS, in order to encrypt the relevant files.

However, in the latest ransomware samples, the ability to enable and disable the firewall has been observed, as well as the use of certain commands so that no connections can be made to the system.

"Before the encryption begins, Snake will use the Windows firewall to exclude any incoming and outgoing network connections to the victim's machine that have not been configured on the firewall. The built-in Windows netsh tool will be used for this purpose," said Deep Instinct's research. "Disconnected from the outside world, Snake will then stop the processes that may affect encryption. The list includes ICS-related procedures and several security solutions and backups."

The ransomware stops any process that could affect encryption, including those related to industrial software, backup solutions and, of course, security tools. The malware then deletes shadow copies, preventing files from being recovered.
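The sequence described above (firewall lockdown through netsh, then shadow copy deletion) can be hunted for in process-creation logs. The following is an added example, not code from the article or from Deep Instinct; the command-line patterns, the event tuple format, the host names and the 10-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumed patterns: netsh switching the firewall policy to block outbound traffic,
# and two common command-line ways of deleting volume shadow copies.
FIREWALL_LOCKDOWN = re.compile(
    r"\bnetsh(\.exe)?\b.*\badvfirewall\b.*\bfirewallpolicy\b.*\bblockoutbound\b", re.I)
SHADOW_DELETE = re.compile(
    r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b"
    r"|\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)

# Constructed process-creation events (host, ISO timestamp, command line).
SAMPLE_EVENTS = [
    ("ws-01", "2021-01-01T10:00:00", "netsh advfirewall show allprofiles"),
    ("hmi-07", "2021-01-01T10:01:10",
     "netsh.exe advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound"),
    ("hmi-07", "2021-01-01T10:01:12", "netsh advfirewall set allprofiles state on"),
    ("hmi-07", "2021-01-01T10:02:05", "vssadmin delete shadows /all /quiet"),
    # Shadow copy cleanup without a preceding lockdown: not alerted on its own.
    ("srv-02", "2021-01-01T11:00:00", "vssadmin delete shadows /for=C: /oldest"),
]

def find_isolate_then_wipe(events, window=timedelta(minutes=10)):
    """Return (host, lockdown_time, delete_time) for every host where a firewall
    lockdown is followed by shadow copy deletion within `window`."""
    last_lockdown = {}  # host -> time of most recent lockdown command
    alerts = []
    for host, ts, cmd in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        if FIREWALL_LOCKDOWN.search(cmd):
            last_lockdown[host] = when
        elif SHADOW_DELETE.search(cmd):
            locked = last_lockdown.get(host)
            if locked is not None and when - locked <= window:
                alerts.append((host, locked.isoformat(), when.isoformat()))
    return alerts

if __name__ == "__main__":
    for alert in find_isolate_then_wipe(SAMPLE_EVENTS):
        print("isolate-then-wipe sequence:", alert)
```

Because the host is cut off from the network by the first step, the alert is only useful if the endpoint agent buffers events and forwards them once connectivity returns, or if the lockdown command alone is also alerted on.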

Once it manages to complete these actions, it then begins the encryption process. The files it targets are mainly critical folders, as well as databases, documents, extension files, and more.

The malware appends a random five-character string to the extension of encrypted files and the word Ekans at the end of the file.

Although the basic scenario of ransomware is to encrypt important files and demand a ransom to restore them, the methods used, and their creators, continue to evolve over time.

Absent Mia