SNAKE Ransomware targets all connected devices
Thre is a new ransomware on the scene called SNAKE, it is targeting users networks and aiming to encrypt all of the devices connected to it.
The Snake Ransomware was discovered by MalwareHunterTeam last week who shared it with Vitali Kremez to reverse engineer and learn more about the infection.
The ransomware is written in Golang and is heavily obfuscated, it is designed to target the entire network rather than individual computers or servers.
Upon execution Snake will remove the computer’s Shadow Volume Copies, it also kills numerous processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software, and more.
Then the malware encrypts the files on the system, skipping Windows system files and folders. The SNAKE ransomware appends a ransom 5 character string to the files extension (i.e. a file named invoice.doc is encrypted and renamed like invoice.docIksrt.
IOCs:
SHA-256 Hash:
e5262db186c97bbe533f0a674b08ecdafa3798ea7bc17c705df526419c168b60
I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.