SNAKE Ransomware targets all connected devices

There is a new ransomware on the scene called SNAKE. It targets users' networks and aims to encrypt all of the devices connected to them.

The Snake Ransomware was discovered last week by MalwareHunterTeam, who shared it with Vitali Kremez to reverse engineer and learn more about the infection.

The ransomware is written in Golang and is heavily obfuscated. It is designed to target the entire network rather than individual computers or servers.

VirusTotal results for the Snake Ransomware hash.

Upon execution, Snake removes the computer's Shadow Volume Copies. It also kills numerous processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software, and more.

Then the malware encrypts the files on the system, skipping Windows system files and folders. The SNAKE ransomware appends a random 5-character string to each file's extension (e.g. a file named invoice.doc is encrypted and renamed to something like invoice.docIksrt).
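As an added example (not from the original post or the researchers named in it), here is a Python heuristic that looks for the rename pattern described above in a file listing and reports directories where it clusters. The extension list, the assumption that the appended string is five ASCII letters or digits, the `min_hits` threshold and the sample paths are all constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: a small set of common extensions, longer variants first
# so "docx" is tried before "doc". Extend for your environment.
KNOWN_EXTS = ("docx", "doc", "xlsx", "xls", "pptx", "ppt",
              "pdf", "txt", "jpg", "png", "zip", "sql")
# Assumption: the appended string is 5 ASCII letters/digits
# (the page's only example is "Iksrt").
SUFFIX_RE = re.compile(r"^[A-Za-z0-9]{5}$")

def split_appended_suffix(path):
    """Return (original_ext, suffix) if the extension looks like a
    known extension plus 5 appended characters, otherwise None."""
    ext = PureWindowsPath(path).suffix.lstrip(".")
    for known in KNOWN_EXTS:
        if ext.lower().startswith(known):
            rest = ext[len(known):]
            if SUFFIX_RE.match(rest):
                return known, rest
    return None

def flag_directories(paths, min_hits=3):
    """Group hits by parent directory and keep directories with at
    least min_hits matching files, so a single oddly named file
    does not raise an alert on its own."""
    hits = defaultdict(list)
    for p in paths:
        found = split_appended_suffix(p)
        if found:
            wp = PureWindowsPath(p)
            hits[str(wp.parent)].append((wp.name, *found))
    return {d: f for d, f in hits.items() if len(f) >= min_hits}

# Constructed sample listing; only invoice.docIksrt comes from the page.
SAMPLE_LISTING = [
    r"C:\Shares\Finance\invoice.docIksrt",
    r"C:\Shares\Finance\budget.xlsxQwePz",
    r"C:\Shares\Finance\contract.pdfmNbVc",
    r"C:\Shares\Finance\notes.txt",
    r"C:\Shares\HR\policy.pdf",
    r"C:\Shares\HR\roster.xlsxold01",  # benign look-alike, below threshold
]

if __name__ == "__main__":
    for directory, files in flag_directories(SAMPLE_LISTING).items():
        print(directory)
        for name, ext, suffix in files:
            print(f"  {name}: original .{ext}, appended {suffix!r}")
```

A name-based heuristic like this yields false positives on unusual legitimate extensions, so treat a hit as a prompt to check for the other behaviours the post describes, such as deleted Shadow Volume Copies.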

IOCs:

SHA-256 Hash:

e5262db186c97bbe533f0a674b08ecdafa3798ea7bc17c705df526419c168b60

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.
