This new SNAKE attack may sound like the game every Nokia 3310 had back in the late 90s. But it is not: this ‘snake’ is much more than that, as it is a new member of the ransomware family. MalwareHunterTeam discovered this new breed of ransomware. SNAKE is built to lock up all your essential apps and files and charge excessive fees to decrypt all the data.

What can it do to your system?

SNAKE does not touch your operating system files and programs, which makes you think you still have a perfectly working system on which you can work with your data. But when you boot up your system, you encounter the devastation caused by SNAKE.

It adds a random string of five characters to the end of every filename and stops every activity. Still, it is smart enough to leave you access to the instructions for making payment to the cybercriminals behind SNAKE.

Image: SOPHOS

Why EKANS (SNAKE)?

Many ransomware families add a particular extension to the end of each scrambled file, which adds insult to injury. SamSam ransomware, for example, appended the text .weapologize to the end of all scrambled files.

SNAKE instead adds a different, randomly chosen five-character string to the end of every encrypted filename. After scrambling your data, it asks: “What happened to your files?”

Image: SOPHOS

So why EKANS? We assume that the crooks behind the ransomware did this to make their own task easy: they add EKANS to identify all scrambled files. This EKANS tag finishes off each encrypted file once the original filename, directory and decryption key have been stored.
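A triage scan built on the footer marker just described, added here as an example (it is not code from SOPHOS or from this article): it walks a directory and flags files that end with the EKANS tag, recording the five-character suffix only as a secondary hint because a legitimate extension can be five characters long. The suffix pattern, the sample files and the `demo()` helper are assumptions constructed for this example.

```python
import os
import re
import tempfile
from pathlib import Path

# The article states that the EKANS tag closes each encrypted file.
EKANS_MARKER = b"EKANS"
# Assumption for this example: the random suffix is five alphanumerics
# appended after the original extension, e.g. "report.docx.mxLqa".
SUFFIX_RE = re.compile(r"\.[A-Za-z0-9]{5}$")


def has_ekans_footer(path: Path) -> bool:
    """True if the last bytes of the file are the EKANS marker."""
    size = path.stat().st_size
    if size < len(EKANS_MARKER):
        return False
    with path.open("rb") as fh:
        fh.seek(size - len(EKANS_MARKER))   # read only the tail, not the whole file
        return fh.read() == EKANS_MARKER


def scan_for_ekans(root: Path) -> dict:
    """Return {relative path: reasons} for files carrying the EKANS footer.

    The suffix alone is noisy, so it is reported but never flags on its own."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            reasons = []
            if SUFFIX_RE.search(name):
                reasons.append("five-char suffix")
            if has_ekans_footer(p):
                reasons.append("EKANS footer")
                findings[str(p.relative_to(root))] = ", ".join(reasons)
    return findings


def demo() -> dict:
    """Build a constructed sample tree (not real malware output) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notes.txt").write_bytes(b"plain notes, untouched")
        (root / "index.xhtml").write_bytes(b"<html/>")   # 5-char suffix, no footer
        (root / "report.docx.mxLqa").write_bytes(
            b"\x8a\x11\x3f fake ciphertext " + b"report.docx" + EKANS_MARKER)
        return scan_for_ekans(root)


if __name__ == "__main__":
    print(demo())
```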

Here are the 5 best ways to avoid getting dunked by SNAKE ransomware

  • Do not ignore warning signs. Your system may be continuously warning you in your security logs. Ransomware attackers usually spend hours or even days working through a network of computers so that they can demand a higher payout. If you spot them before they strike, you may be able to head them off entirely.
  • Do not run unexpected attachments. The criminals probably won’t send you the ransomware directly, but they will try to get you to run remote access malware that lets them get back in later, so they can attack from right inside your network.
  • Do not open up remote access to your network unless you mean to. As per reports, many ransomware attacks start because remote access systems such as RDP were left open unexpectedly.
  • Do not let users talk you into softening up login security. Features such as 2FA, where you need to copy a one-time code off your phone every time you log in, add a tiny inconvenience for users compared to the extra difficulty they create for attackers.
  • Do not rely entirely on real-time, online backups. Most contemporary attackers search out and delete any online backups they can find, making it harder to recover without paying. Backups locked away in an old-school safe can’t be reached across your network!

Source: SOPHOS
