SNAKE: The New Ransomware In Town Targeting Business Networks
There’s a new form of ransomware out on the market being used by cybercriminals to cripple the network of an organisation, while demanding a hefty fee before essential services and data can be decrypted and accessed again.
It’s known as the SNAKE, and it’s set to pose an existential problem for those unlucky enough to come in contact with it. According to a report from Bleeping Computer’s Lawrence Abrams, it’s one of the most sophisticated pieces of malware - malicious software - that security researchers have seen emerge in the past few years.
“Snake Ransomware,” he explains, “was discovered by MalwareHunterTeam last week who shared it with Vitali Kremez to reverse engineer and learn more about the infection.”
“Based on the analysis performed by Kremez, this ransomware is written in Golang and contains a much high[er] level of obfuscation than is commonly seen with these types of infections.”
When implanted into the network of an organisation or individual, it launches a multi-pronged attack on the network: it targets remote management tools and network management software, kills virtual machines and industrial control systems, and disables a number of processes designed to protect the network.
Vitali Kremez told Abrams that “the ransomware contains a level of routine obfuscation not previously and typically seen coupled with a targeted approach.” After this, the ransomware has been designed to “encrypt files on the device, while skipping any that are located in Windows system folders and various system files,” essentially locking down files so that they cannot be accessed without the proper decryption tool.
“When done encrypting the computer, the ransomware will create a ransom note… this ransom note contains instructions to contact a listed email address for payment instructions. This ransomware specifically targets the entire network rather than individual workstations. They further indicate that any decryptor that is purchased will be for the network and not individual machines, but it is too soon to tell if they would make an exception,” the report states.
The ransom note states that “the only way to restore your file is by purchasing a decryption tool loaded with a private key we created specifically for your network. Once run on an affected computer, the tool will decrypt all encrypted files - and you can resume day-to-day operations, preferably better cybersecurity in mind.”
The ransom note also assures those impacted that if they send the attackers up to three files, the attackers will return them decrypted as proof that their decryption tool works, in the hope that the affected organisation will pay the ransom sooner rather than later.
Abrams’ report also mentions that “BleepingComputer has tested many ransomware infections since 2013 and for some reason, it took Snake a particularly long time to encrypt our small test box compared to many other ransomware infections. As this is targeted ransomware that is executed at the time of the attacker’s choosing, this may not be that much of a problem as the encryption will most likely occur after hours.”