Mysterious New Ransomware Targets Industrial Control Systems; EKANS Appears To Be The Work Of Cyber Criminals Rather Than Nation-State Hackers — A Worrying Development If True — WIRED.com Says
The title above comes from Andy Greenberg’s February 3, 2020 article on the security and technology website WIRED.com. For Mr. Greenberg’s full article, I refer you to the February 3, 2020 edition of WIRED.com.
“Only a few times in the history of hacking has a piece of malicious code been spotted attempting to directly meddle with industrial control systems, the computers that bridge the gap between digital and physical systems,” Mr. Greenberg begins. “Those rare specimens of malware (Stuxnet) have destroyed nuclear enrichment centrifuges in Iran, and caused a blackout in Ukraine,” he wrote. “Now, a malware sample has surfaced that uses specific knowledge of industrial control systems to target them with a far blunter and more familiar tactic: Kill the target’s software processes, encrypt the underlying data, and hold it hostage.”
“Over the past month, researchers at security firms, including SentinelOne and Dragos, have puzzled over a piece of code called Snake, or EKANS, which they now believe is specifically designed to target industrial control systems, the hardware and software used in everything from oil refineries to power grids and manufacturing facilities,” Mr. Greenberg warns. “Much like other ransomware, EKANS encrypts data and displays a note to victims demanding payment to release it: the name comes from a string it implants as a file marker on a victim computer to identify that its files have already been encrypted.”
“But EKANS also uses another trick to ratchet up the pain: It’s designed to terminate 64 different software processes on a victim’s computer,” Mr. Greenberg notes, “including many specific to industrial control systems. That allows it to then encrypt the data that those control system programs interact with. While crude compared to other malware purpose-built for industrial sabotage, that targeting can nonetheless break the software used to monitor infrastructure, like an oil firm’s pipelines, or a factory’s robots. That could have potentially dangerous consequences, like preventing staff from remotely monitoring or controlling the equipment’s operation,” Mr. Greenberg warns.
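The two paragraphs above describe the one artifact a responder can actually look for without a malware sample in hand: a string written into each file as a marker that it has already been encrypted. The script below is an added triage example written for this post; it is not code from the WIRED article, from Dragos or SentinelOne, or from the malware itself. It assumes the marker is the ASCII string `EKANS` and that it sits at the tail of the file; neither detail is stated in the article, so both are parameters you should adjust to match a real sample. The directory tree it scans is constructed inline so the script runs offline.

```python
"""Triage scan for a trailing ransomware file marker.

Added example for this post, not from the WIRED article or the firms it
cites. Assumptions (not stated in the article):
  * the marker is the ASCII string b"EKANS";
  * it is written at the very end of the encrypted file.
Both are parameters; change them to match the sample you are working.
"""
import os
import tempfile
from pathlib import Path

DEFAULT_MARKER = b"EKANS"  # assumed value; the article only says "a string"


def has_trailing_marker(path, marker=DEFAULT_MARKER):
    """Return True if the last len(marker) bytes of the file equal marker.

    Only the tail is read, so scanning a large file share stays cheap.
    Files shorter than the marker cannot carry it and return False.
    """
    size = os.path.getsize(path)
    if size < len(marker):
        return False
    with open(path, "rb") as fh:
        fh.seek(size - len(marker))
        return fh.read(len(marker)) == marker


def find_marked_files(root, marker=DEFAULT_MARKER):
    """Walk root and return sorted POSIX-style relative paths of marked files.

    Unreadable files are skipped rather than aborting the whole scan, since
    on a live host some handles will be locked by running processes.
    """
    root = Path(root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            try:
                if has_trailing_marker(full, marker):
                    hits.append(full.relative_to(root).as_posix())
            except OSError:
                continue
    return sorted(hits)


def build_sample_tree():
    """Constructed sample data (not real victim files): two marked, two clean.

    Returns the temporary root directory that was created.
    """
    tmp = tempfile.mkdtemp(prefix="marker_scan_")
    samples = {
        "hmi/config.xml": b"<config/>" + DEFAULT_MARKER,          # marked
        "hmi/trend.dat": os.urandom(256) + DEFAULT_MARKER,        # marked
        "docs/readme.txt": b"plain text, untouched",              # clean
        "docs/tiny": b"EK",  # shorter than the marker; must not crash
    }
    for rel, data in samples.items():
        p = Path(tmp) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return tmp


def demo():
    """Build the constructed tree and return the files flagged as marked."""
    return find_marked_files(build_sample_tree())


if __name__ == "__main__":
    for hit in demo():
        print("marked:", hit)
```

Run it against a mounted copy of a suspect share (`find_marked_files("/mnt/evidence")`) to scope which files were touched; a marker that is not at the tail, or that differs from the assumed string, needs the two parameters changed before the output means anything.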
“EKANS is actually the second [known] ransomware to hit industrial control systems,” Mr. Greenberg noted. According to Dragos, “another ransomware strain known as Megacortex, that first appeared last spring, included all of the same industrial control system process-killing features, and may in fact be a predecessor to EKANS [and] developed by the same hackers. But, because Megacortex also terminated hundreds of other processes, its industrial-control-system targeting features went largely overlooked.”
Whether EKANS is the work of sophisticated criminal hackers, or of a nation-state (Iran, North Korea, Russia, etc.), remains uncertain at this time. “If EKANS isn’t the work of state-sponsored hackers — Iranian or otherwise — that would make it even more significant by some measures,” Mr. Greenberg observes. “Along with Megacortex, it would represent the first-ever industrial control system malware deployed by non-state, cyber criminals. EKANS could signal that [sophisticated] industrial hacking tactics are proliferating to common criminals.”
Dan Goodin, writing on the security and technology website ArsTechnica, said in a February 3, 2020 post that EKANS represents “a new and deeply concerning” evolution in malware with respect to industrial control systems and critical infrastructure.
Unfortunately, given the Edward Snowden leak of highly sensitive NSA cyber collection tools, the separate Shadow Brokers leak of NSA offensive cyber tools beginning in 2016, trial-and-error, the ready availability of knowledge on the Internet, the sale of cyber ‘weapons’ on the Dark Web, and so on, it is somewhat surprising that this threat to industrial control systems and critical infrastructure hasn’t emerged sooner.
We are clearly at a point where elegantly targeted malware can hold industrial equipment and other critical infrastructure for ransom. And artificial intelligence (AI) enhanced malware — which is already for sale on the Dark Web — is super-charging novice cyber hackers and allowing them to leap-frog into the big leagues with respect to posing a clear-and-present cyber danger. Are we on the verge of witnessing a disturbed but sophisticated digital lone wolf who will employ a cyber weapon of mass disruption/destruction, where significant loss of life is the objective?
Are we at the point where a ‘Dr. No’ of the digital world is possible? Or a digital pandemic, launched by cyber vigilantes, that targets industrial control systems worldwide? The digital wilderness of mirrors just got more complex, and more treacherous. RCP, fortunascorner.com