New ransomware is targeting Windows industrial control systems

Ekans Ransomware

Details of new ransomware have emerged. Dragos has published a report detailing Ekans, ransomware which targets industrial control systems (ICS).

Ekans ransomware emerged in December last year and was immediately reported on by Dragos. The leading ICS cybersecurity firm then published a report in January 2020 to their WorldView Threat Intelligence customers detailing the threat.

The report says that, while it is relatively straightforward ransomware to deal with, it does contain additional functionality which grants Ekans the ability to forcibly stop processes in ICS operations. This could be potentially damaging to organisations using IIoT at scale.

Perhaps most troublingly, Dragos found a level of intentionality in the ransomware, something which had more often than not been absent from ransomware hitting targets in industrial sectors.

Rob Fitzsimons, a field applications engineer at Telesoft Technologies, said: “The Ekans ransomware is another unmissable milestone in the world of malware. Targeting Windows systems used within industrial control systems, it shows that the cybercriminals are moving away from the ‘spray and pray’ tactic, instead putting laser focus on organisations that have a critical role in the nation’s infrastructure. This is concerning, as it means attackers are investing more time and resources into breaching the defences of a few companies, akin to state-sponsored attacks, which makes them more likely to succeed.”




The malware acts by first checking for the existence of a specific value, before determining its encryption. Before file encryption operations, Ekans force stops (or ‘kills’) processes. This forcible stop, if executed on the right systems, can cause loss of view across the network, ultimately leading to disastrous consequences.

“While still not overly clear how Ekans is distributed, it’s thought that attackers need to access networks before it can be deployed,” said Fitzsimons. “As such, combatting this type of malware requires complete visibility into an organisation’s data flow, as well as a trained human firewall that understands how cybercriminals can attempt to manipulate them into downloading files and clicking on links. A few days ago, it was reported that the Emotet trojan was spreading through Japan within emails containing false news about the Coronavirus infecting citizens quickly and the ‘urgent’ steps to take – cybercriminals really will stoop to any level to get into networks. When employees know that any link could result in malware, it may make them stop and think for that split second longer and delete.”

Dragos urge ICS owners and operators to review their attack surface in order to combat disruptive malware or ransomware which may find its way into ICS operations.

Read the full report here.

Luke Conrad

Technology & Marketing Enthusiast
