Level 20
Since network administrators didn't already have enough on their plate, they now have to worry about a new ransomware called SNAKE that is targeting their networks and aiming to encrypt all of the devices connected to them.

Enterprise-targeting, or big-game hunting, ransomware is used by threat actors who infiltrate a business network, gather administrator credentials, and then use post-exploitation tools to encrypt the files on all of the computers on the network.

The list of enterprise-targeting ransomware is slowly growing and includes Ryuk, BitPaymer, DoppelPaymer, Sodinokibi, Maze, MegaCortex, LockerGoga, and now the Snake Ransomware.

What we know about the Snake Ransomware

Snake Ransomware was discovered last week by MalwareHunterTeam, who shared it with Vitali Kremez to reverse engineer and learn more about the infection.

Based on the analysis performed by Kremez, this ransomware is written in Golang and contains a much higher level of obfuscation than is commonly seen with these types of infections.

"The ransomware contains a level of routine obfuscation not previously and typically seen coupled with the targeted approach," Kremez, Head of SentinelLabs, told BleepingComputer in a conversation.

When started, Snake will remove the computer's Shadow Volume Copies and then kill numerous processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software, and more.

The rest of the article is here: SNAKE Ransomware Is the Next Threat Targeting Business Networks


Level 53
Snake Ransomware That Written in Golang Language Removes Backup Shadows Copies & Encrypt Windows Files

January 25, 2020
Researchers observed a new Snake ransomware, written in Golang, that targets Windows users to encrypt system files and remove the Volume Shadow Copies that the OS uses for backup.
Snake ransomware is a targeted campaign that contains standard ransomware features along with some more complex functionality.

Malware authors chose the Golang language, which is used to write some of the most recent ransomware families and is utilized by some RaaS (Ransomware as a Service) offerings, since it is a flexible, cross-platform and completely open-source programming language.
Researchers believe that the campaign has the potential to do serious and critical damage to an infected environment.
Snake ransomware targets specific platforms such as SCADA, enterprise management tools and system utilities, and also some specific targeted applications, including VMware Tools, Microsoft System Center Operations Manager, Nimbus, Honeywell HMIWeb, FLEXnet,

Snake Ransomware Infection

Once it infects the system, relevant files are overwritten with encrypted data, and the encrypted files' extension is changed to “EKANS”.
Also, random characters are added to the modified files, which makes it more difficult to identify the specific ransomware family.

Malware authors used both symmetric and asymmetric cryptography to encrypt the victim’s Windows system files.
A symmetric key is required for encrypting and decrypting files. In this case, the symmetric key is used to encrypt the victim’s files with the attacker’s public key, and decryption is only possible with the attacker’s private key.
The attackers use key lengths (AES-256, RSA-2048) that make it impossible to crack the key and decrypt the data.
Snake ransomware also terminates the following system processes.

-read more: Snake Ransomware Written in Golang Language to Encrypt Windows File