EKANS Ransomware (Snake) Attacks Industrial Systems Once Again


The EKANS ransomware which is known as Snake is one of the most prolific hacking tools which are used in large-scale and targeted campaigns against industrial plants. A recently discovered hacking offensive has uncovered that this malware is once again being used against Industrial control systems and related facilities.

EKANS (SNAKE) Ransomware Hits Industrial Facilities in a New Attack


The Snake ransomware which is also known as EKANS due to the extension it applies to the target data on the infected devices. It appears that virus samples have been discovered in ongoing attacks – both in end of May and in June. The virus is written in the GO programming language which has become popular with malware creators.


Programmers like to use it because it is very convenient to compile to different platforms – a single code selection can be run through the compiler and the generated samples will work across multiple platforms, including the IoT and control devices used in production facilities and critical industries. One of the characteristics of the EKANS ransomware is that their samples are of a relatively large size. This means that malware analysis will be made more difficult. It seems that the hackers behind the EKANS ransomware are once again targeting production facilities as this was done with the Honda attack.

The virus code is heavily obfuscated which means that most security engines will not be able to detect its presence. It is also rather complex containing over 1200 strings and includes a lot of advanced features that have not been found across the older variants:


  • Confirmation of the target environment

  • Isolation of the installed host firewall whic ..

    Support the originator by clicking the read the rest link below.