New ransomware is targeting Windows industrial control systems

Ekans Ransomware

Details of new ransomware have emerged. Dragos has published a report detailing Ekans, ransomware which targets industrial control systems (ICS)

Ekans ransomware emerged in December last year and was immediately reported on by Dragos. The leading ICS cybersecurity firm then published a report in January 2020 to their WorldView Threat Intelligence customers detailing the threat.

The report says that, while it is relatively straightforward ransomware to deal with, it does contain additional functionality which grants Ekans the ability to forcibly stop processes in ICS operations. This could be potentially damning to organisations using IIoT at scale.

Perhaps most troublingly, Dragos found a level of intentionality in the ransomware, something which had more often than not been absent from targets in industrial sectors.

Rob Fitzsimons, a field applications engineer at Telesoft Technologies, said: “The Ekans ransomware is another unmissable milestone in the world of malware. Targeting Windows systems used within industrial control systems, it shows that the cybercriminals are moving away from the ‘spray and pray’ tactic, instead putting laser focus on organisations that have a critical role in the nation’s infrastructure. This is concerning, as it means attackers are investing more time and resources into breaching the defences of a few companies, akin to state-sponsored attacks, which makes them more likely to succeed.”

READ MORE: Users vulnerable as Windows 7 support ends

The malware acts by first checking for the existence of a specific value, before determining its encryption. Before file encryption operations, Ekans force stops (or ‘kills’) processes. This forcible stop, if executed on the right systems, can cause loss of view across the network, ultimately leading to disastrous consequences.

“While still not overly clear how Ekans is distributed, it’s thought that attackers need to access networks before it can be deployed,” said Fitzsimons. “As such, combatting this type of malware requires complete visibility into an organisation’s data flow, as well as a trained human firewall that understands how cybercriminals can attempt to manipulate them into downloading files and clicking on links. A few days ago, it was reported that the Emotet trojan was spreading through Japan within emails containing false news about the Coronavirus infecting citizens quickly and the ‘urgent’ steps to take – cybercriminals really will stoop to any level to get into networks. When employees know that any link could result in malware, it may make them stop and think for that split second longer and delete.”

Dragos urge ICS owners and operators to review their attack surface in order to combat disruptive malware or ransomware which may find its way into ICS operations.

Read the full report here.

Luke Conrad

Technology & Marketing Enthusiast

Ab Initio partners with BT Group to deliver big data

Luke Conrad • 24th October 2022

AI is becoming an increasingly important element of the digital transformation of many businesses. As well as introducing new opportunities, it also poses a number of challenges for IT teams and the data teams supporting them. Ab Initio has announced a partnership with BT Group to implement its big data management solutions on BT’s internal...

WAICF – Dive into AI visiting one of the most...

Delia Salinas • 10th March 2022

Every year Cannes held an international technological event called World Artificial Intelligence Cannes Festival, better known by its acronym WAICF. One of the most luxurious cities around the world, located on the French Riviera and host of the annual Cannes Film Festival, Midem, and Cannes Lions International Festival of Creativity. 

Bouncing back from a natural disaster with resilience

Amber Donovan-Stevens • 16th December 2021

In the last decade, we’ve seen some of the most extreme weather events since records began, all driven by our human impact on the plant. Businesses are rapidly trying to implement new green policies to do their part, but climate change has also forced businesses to adapt and redefine their disaster recovery approach. Curtis Preston,...