Breaking News

Samsung Display to Introduce First 90Hz OLED Laptop Display addlink launch P20 Portable SSD speed of up to 1050MB/s aKASA announces RGB controllers the new SOHO and VEGAS XL A Brief History of the Galaxy S Series’ Camera Technologies Samsung Introduces the 870 EVO SATA SSD Series

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Snake Industrial-focused Ransomware with Ties to Iran Identified

Snake Industrial-focused Ransomware with Ties to Iran Identified

Enterprise & IT Jan 28,2020 0

An Israeli cybersecurity firm flags an Iranian connection in a new strain of ransomware aimed at disrupting the activity of Industrial Control Systems (ICS).

OTORIO researchers said that Snake encrypts programs and documents on infected machines. Then, to prevent recovering the encrypted files from archives, Snake removes all file copies from infected stations, leaving the victims no choice but to pay the ransom or lose the data. Lastly, Snake searches for hundreds of specific programs, including various Industrial Control Systems oriented processes, in order to terminate them and allow it to encrypt their files.

OTORIO says that Snake uses a termination list that is almost identical to that of the MegaCortex ransomware, first discovered in mid-2019. However, Snake focuses on hundreds of specific processes, many of which target ICSs. More specifically, a majority of the targeted ICS processes belong to General Electric. The meaning of this is that the target of the attack employs GE equipment in its network. OTORIO researches found one very likely candidate: Bahrain’s leading national petroleum company, BAPCO. This was corroborated by the email listed in Snake’s ransom message: bapcocrypt@ctemplar.com.

In a statement, a General Electric representative said, “GE is aware of reports of a ransomware family with an industrial control system specific functionality. Based on our understanding, the ransomware is not exclusively targeting GE’s ICS products, and it does not target a specific vulnerability in GE’s ICS products.”

GE would work with customers to provide support as needed, the representative said.

"The potential damage of a Snake attack is significant" says Dor Yardeni - Head of Incident Response and Threat Hunting at OTORIO. "Deleting or locking targeted ICS processes would prohibit manufacturing teams from accessing vital production-related processes including analytics, configuration, and control. This is the equivalent of both blindfolding a driver and then taking away the steering wheel. In addition, Snake stops a critical networking process in the GE Digital Proficy server. This industrial gateway enables the connectivity to Proficy HMI/SCADA, MES, and EMI. Without it, operational teams would not just be driving blind - they’d also be deaf and dumb."

This is not the first time that BAPCO falls prey to a targeted cyberattack. Recently it was reported that Iranian state-sponsored hackers have deployed a data-wiping malware dubbed Dustman on BAPCO’s network. It’s no coincidence that these two attacks come in short proximity to one another. Iran has targeted its neighbors’ industrial infrastructure more than once. Furthermore, Iran’s hackers are known to learn from the capabilities and actions of others and to copy and utilize them to their advantage. Using an already “proven” malware (i.e. MegaCortex) and honing it (to target ICSs) is a hallmark of the operation methods of Iranian hackers.

Tags: cybercrimeCybersecurityRansomware
Previous Post
Thunderbird Gets a New Home
Next Post
SiPearl Company Established to Bringing to Life the Custom Microprocessor for the European exascale Supercomputers

Related Posts

  • Texas Courts Faced a Ransomware Attack

  • Intel Confirms "Thunderspy" Risk in Thuerbolt Devices

  • GoDaddy Discloses Data Breach

  • Zoom Users' Data have Been on Sale on Dark Web: report

  • Apple Says 'No Evidence' iPhone Mail Bug Used Against Consumers

  • Malwarebytes Introduces VPN Service

  • Google Says State-backed Hackers Use Coronavirus For Phishing Attacks

  • Apple to Patch Serious iOS Vulnerability

Latest News

Samsung Display to Introduce First 90Hz OLED Laptop Display
Enterprise & IT

Samsung Display to Introduce First 90Hz OLED Laptop Display

addlink launch P20 Portable SSD speed of up to 1050MB/s
PC components

addlink launch P20 Portable SSD speed of up to 1050MB/s

aKASA announces RGB controllers the new SOHO and VEGAS XL
PC components

aKASA announces RGB controllers the new SOHO and VEGAS XL

A Brief History of the Galaxy S Series’ Camera Technologies
Smartphones

A Brief History of the Galaxy S Series’ Camera Technologies

Samsung Introduces the 870 EVO SATA SSD Series
PC components

Samsung Introduces the 870 EVO SATA SSD Series

Popular Reviews

CeBIT 2005

CeBIT 2005

Zidoo Z9S 4K Media Player review

Zidoo Z9S 4K Media Player review

CeBIT 2006

CeBIT 2006

LiteOn iHBS112 review

LiteOn iHBS112 review

Club3D HD3850

Club3D HD3850

Crucial P1 NVMe 1TB SSD review

Crucial P1 NVMe 1TB SSD review

Hitachi DZ-MV100A DVD Camcorder

Hitachi DZ-MV100A DVD Camcorder

Toshiba Exceria M303 64GB and M501 Exceria Pro 64GB MicroSDXC review

Toshiba Exceria M303 64GB and M501 Exceria Pro 64GB MicroSDXC review

  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed