Snake Ransomware Crawling its Way into Enterprise Network

Snake ransomware operators are back from a short hibernation and have launched a global cyberattack campaign, infecting organizations in its wake. Among these organizations, there is at least one healthcare organization. The healthcare organization is none other than Fresenius - Europe’s largest private hospital operator. 

What is happening?

The campaign jump-started on 4th May when organizations from everywhere around the globe and across every vertical were targeted. The attack on Fresenius compromised the company’s operations everywhere worldwide. This is a fairly new strain that holds the data and IT system hostage in lieu of digital currency. 

The wider view:

Threat actors employ enterprise-targeting ransomware to infiltrate the network, collect credentials, and then encrypt the files on the network. With COVID-19, healthcare organizations are constantly becoming the target for ransomware attacks as they are engaged in virus response. Moreover, Snake steals unencrypted files before encrypting the computers on a network. 

Our analysis:

  • The list of enterprise-targeting ransomware is growing longer by the day. It includes Maze, Ryuk, LockerGoga, Sodinokibi, DoppelPaymer, MegaCortex, and BitPaymer, with the latest addition being Snake. 
  • The attackers are suspected to be seeking intelligence on healthcare policies (national and international) or obtain sensitive data related to COVID-19 research.

What the experts are saying:

  • According to an alert issued by the CISA, APT actors are persistently targeting healthcare organizations, academia, medical research facilities, pharma companies, and local governments. 
  • It has been confirmed by the spokesperson of Fresenius that the company was dealing with a computer virus. However, they have not made any comments on the payment of ransom.

Also:

Snake ransomware has targeted an architectural firm in France and a prepaid debit card company. The ransomware is written in Golang and has a higher level of obfuscation as compared to other infections.

In essence:

Snake is still being analyzed for weaknesses and it is yet unknown if the decryption can be done for free. Thus, organizations are suggested to assume the worst and treat the attack as a data breach.