New ransomware is targeting Windows industrial control systems

Ekans Ransomware

Details of new ransomware have emerged. Dragos has published a report detailing Ekans, ransomware which targets industrial control systems (ICS).

Ekans ransomware emerged in December last year and was immediately reported on by Dragos. The leading ICS cybersecurity firm then published a report in January 2020 to their WorldView Threat Intelligence customers detailing the threat.

The report says that, while it is relatively straightforward ransomware to deal with, it contains additional functionality which lets Ekans forcibly stop processes in ICS operations. This could be damaging to organisations using IIoT at scale.

Perhaps most troublingly, Dragos found a level of intentionality in the ransomware, something which had more often than not been absent when ransomware hit targets in industrial sectors.

Rob Fitzsimons, a field applications engineer at Telesoft Technologies, said: “The Ekans ransomware is another unmissable milestone in the world of malware. Targeting Windows systems used within industrial control systems, it shows that the cybercriminals are moving away from the ‘spray and pray’ tactic, instead putting laser focus on organisations that have a critical role in the nation’s infrastructure. This is concerning, as it means attackers are investing more time and resources into breaching the defences of a few companies, akin to state-sponsored attacks, which makes them more likely to succeed.”

The malware acts by first checking for the existence of a specific value, before determining its encryption. Before file encryption operations, Ekans force stops (or ‘kills’) processes. This forcible stop, if executed on the right systems, can cause loss of view across the network, ultimately leading to disastrous consequences.

“While still not overly clear how Ekans is distributed, it’s thought that attackers need to access networks before it can be deployed,” said Fitzsimons. “As such, combatting this type of malware requires complete visibility into an organisation’s data flow, as well as a trained human firewall that understands how cybercriminals can attempt to manipulate them into downloading files and clicking on links. A few days ago, it was reported that the Emotet trojan was spreading through Japan within emails containing false news about the Coronavirus infecting citizens quickly and the ‘urgent’ steps to take – cybercriminals really will stoop to any level to get into networks. When employees know that any link could result in malware, it may make them stop and think for that split second longer and delete.”

Dragos urges ICS owners and operators to review their attack surface in order to combat disruptive malware or ransomware which may find its way into ICS operations.

Ben Ashman
