Researchers have identified a new ransomware that targets business networks with the aim of encrypting all devices connected to them.
MalwareHunterTeam discovered Snake Ransomware, and Vitali Kremez, Head of Sentinel Labs, analyzed it to learn more about the infection.
“The ransomware contains a level of routine obfuscation not previously and typically seen coupled with the targeted approach,” Kremez told BleepingComputer.
Snake infiltrates the network and removes the computer’s Shadow Volume Copies. It then kills numerous processes related to SCADA systems, industrial control systems, virtual machines, network management software, remote management tools and more.
Snake then encrypts the files on the device, skipping files in Windows system folders and various system files. A random 5-character string is attached to each encrypted file’s extension, and within each encrypted file, Snake appends the “EKANS” file marker.
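The two file-level traits described above can be turned into a triage sweep that lists affected files after an incident. The following is an added example, not code from the article or from the analysts it quotes; it assumes the marker is the ASCII string EKANS within the last 64 bytes of a file and that the random 5 characters are letters, and the function names are hypothetical.

```python
import os
import re
import tempfile

MARKER = b"EKANS"   # marker named in the article; ASCII encoding is an assumption
TAIL_BYTES = 64     # assumption: the appended marker sits in the last 64 bytes
# Assumption: the 5 random characters are ASCII letters added to the extension.
SUFFIX_RE = re.compile(r"\.[A-Za-z0-9]+?[A-Za-z]{5}$")

def has_marker(path):
    """True if MARKER occurs in the final TAIL_BYTES bytes of the file."""
    try:
        with open(path, "rb") as fh:
            size = fh.seek(0, os.SEEK_END)
            fh.seek(max(0, size - TAIL_BYTES))
            return MARKER in fh.read()
    except OSError:
        return False  # locked or unreadable: skip, do not abort the sweep

def scan(root):
    """Return sorted (path, suffix_matches) pairs for files carrying the marker."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if has_marker(path):
                hits.append((path, bool(SUFFIX_RE.search(name))))
    return sorted(hits)

def build_sample(root):
    """Write constructed test files (not real ransomware output) into root."""
    samples = {
        "report.docxQwErT": b"\x00" * 300 + MARKER,         # marker + renamed extension
        "image.png": b"\x89PNG" + b"\x01" * 300 + MARKER,   # marker, normal name
        "notes.txt": b"quarterly notes\n",                  # clean file
        "readme.txt": b"EKANS is discussed here" + b"." * 300,  # marker not at tail
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, suffix_ok in scan(tmp):
            print(os.path.basename(path), "suffix-match" if suffix_ok else "marker-only")
```

The marker check is the primary signal; the extension pattern alone also matches ordinary long extensions, so it is reported only as a secondary flag.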
BleepingComputer tested Snake and pointed out that it took particularly long to encrypt their small test box in comparison to other ransomware infections.
“As this is targeted ransomware that is executed at the time of the attacker’s choosing, this may not be that much of a problem as the encryption will most likely occur after hours,” explained BleepingComputer.
Once the files are encrypted, a ransom note is created that contains instructions to contact a listed email address for payment instructions.
It is currently unknown whether Snake can be decrypted for free.