H L Data Storage Store Banner 970x90
Breaking News

Seagate releases New Enterprise-Class 5550 /5350 Nytro SSDs SK hynix Develops World’s Highest 238-Layer 4D NAND Flash Samsung Electronics Unveils Far-Reaching, Next-Generation Memory Solutions at Flash Memory Summit 2022 ATP Introduces High-Endurance M.2 2230 SSDs Packed with Customizable Security Features Kioxia Launches Second Generation of High-Performance, Cost-Effective XL-FLASH™ Storage Class Memory Solution

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Snake Industrial-focused Ransomware with Ties to Iran Identified

Snake Industrial-focused Ransomware with Ties to Iran Identified

Enterprise & IT Jan 28,2020 0

An Israeli cybersecurity firm flags an Iranian connection in a new strain of ransomware aimed at disrupting the activity of Industrial Control Systems (ICS).

OTORIO researchers said that Snake encrypts programs and documents on infected machines. Then, to prevent recovering the encrypted files from archives, Snake removes all file copies from infected stations, leaving the victims no choice but to pay the ransom or lose the data. Lastly, Snake searches for hundreds of specific programs, including various Industrial Control Systems oriented processes, in order to terminate them and allow it to encrypt their files.

OTORIO says that Snake uses a termination list that is almost identical to that of the MegaCortex ransomware, first discovered in mid-2019. However, Snake focuses on hundreds of specific processes, many of which target ICSs. More specifically, a majority of the targeted ICS processes belong to General Electric. The meaning of this is that the target of the attack employs GE equipment in its network. OTORIO researches found one very likely candidate: Bahrain’s leading national petroleum company, BAPCO. This was corroborated by the email listed in Snake’s ransom message: bapcocrypt@ctemplar.com.

In a statement, a General Electric representative said, “GE is aware of reports of a ransomware family with an industrial control system specific functionality. Based on our understanding, the ransomware is not exclusively targeting GE’s ICS products, and it does not target a specific vulnerability in GE’s ICS products.”

GE would work with customers to provide support as needed, the representative said.

"The potential damage of a Snake attack is significant" says Dor Yardeni - Head of Incident Response and Threat Hunting at OTORIO. "Deleting or locking targeted ICS processes would prohibit manufacturing teams from accessing vital production-related processes including analytics, configuration, and control. This is the equivalent of both blindfolding a driver and then taking away the steering wheel. In addition, Snake stops a critical networking process in the GE Digital Proficy server. This industrial gateway enables the connectivity to Proficy HMI/SCADA, MES, and EMI. Without it, operational teams would not just be driving blind - they’d also be deaf and dumb."

This is not the first time that BAPCO falls prey to a targeted cyberattack. Recently it was reported that Iranian state-sponsored hackers have deployed a data-wiping malware dubbed Dustman on BAPCO’s network. It’s no coincidence that these two attacks come in short proximity to one another. Iran has targeted its neighbors’ industrial infrastructure more than once. Furthermore, Iran’s hackers are known to learn from the capabilities and actions of others and to copy and utilize them to their advantage. Using an already “proven” malware (i.e. MegaCortex) and honing it (to target ICSs) is a hallmark of the operation methods of Iranian hackers.

Tags: cybercrimeCybersecurityRansomware
Previous Post
Thunderbird Gets a New Home
Next Post
SiPearl Company Established to Bringing to Life the Custom Microprocessor for the European exascale Supercomputers

Related Posts

  • Texas Courts Faced a Ransomware Attack

  • Intel Confirms "Thunderspy" Risk in Thuerbolt Devices

  • GoDaddy Discloses Data Breach

  • Zoom Users' Data have Been on Sale on Dark Web: report

  • Apple Says 'No Evidence' iPhone Mail Bug Used Against Consumers

  • Malwarebytes Introduces VPN Service

  • Google Says State-backed Hackers Use Coronavirus For Phishing Attacks

  • Apple to Patch Serious iOS Vulnerability

H L Data Storage Store Banner 300x600

 

Latest News

Seagate releases New Enterprise-Class 5550 /5350 Nytro SSDs
Enterprise & IT

Seagate releases New Enterprise-Class 5550 /5350 Nytro SSDs

SK hynix Develops World’s Highest 238-Layer 4D NAND Flash
Enterprise & IT

SK hynix Develops World’s Highest 238-Layer 4D NAND Flash

Samsung Electronics Unveils Far-Reaching, Next-Generation Memory Solutions at Flash Memory Summit 2022
Enterprise & IT

Samsung Electronics Unveils Far-Reaching, Next-Generation Memory Solutions at Flash Memory Summit 2022

ATP Introduces High-Endurance M.2 2230 SSDs Packed with Customizable Security Features
Enterprise & IT

ATP Introduces High-Endurance M.2 2230 SSDs Packed with Customizable Security Features

Kioxia Launches Second Generation of High-Performance, Cost-Effective XL-FLASH™ Storage Class Memory Solution
Enterprise & IT

Kioxia Launches Second Generation of High-Performance, Cost-Effective XL-FLASH™ Storage Class Memory Solution

Popular Reviews

CeBIT 2005

CeBIT 2005

CeBIT 2006

CeBIT 2006

Zidoo Z9S 4K Media Player review

Zidoo Z9S 4K Media Player review

LiteOn iHBS112 review

LiteOn iHBS112 review

Club3D HD3850

Club3D HD3850

External USB Slim Recorders Comparison

External USB Slim Recorders Comparison

Pioneer BDR-2207 (BDR-207M) BDXL burner review

Pioneer BDR-2207 (BDR-207M) BDXL burner review

Crucial P1 NVMe 1TB SSD review

Crucial P1 NVMe 1TB SSD review

  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed