Snake Ransomware Slithering Across Connected Networks

It seems that ransomware troubles aren’t going anywhere anytime soon. The new Snake ransomware has entered the cyber landscape, encrypting the target system along with connected devices.

The situation

Operations at Honda were partially disrupted across the U.S., Japan, India, and Europe by a Snake ransomware attack. However, the company has stated that it has not found any evidence of loss of PII. Enel Argentina, a South American energy-distribution company, also suffered a cyberattack conducted by the same threat actors.

Where else has the Snake been found crawling?

The operators of Snake have built the ransomware to evade many different anti-malware solutions.
  • Earlier this year, the ransomware was found targeting Industrial Control Systems (ICS).
  • Most of the ICS processes targeted by the ransomware are related to the products made by General Electric.
  • The operators launched a devastating attack on Fresenius, Europe’s largest private hospital operator.
  • Some of the frequently targeted applications include VMware Tools, Nimbus, FLEXnet, Microsoft System Center Operations Manager, and Honeywell HMIWeb, among others.

Worth noting

  • Like every other modern ransomware, Snake removes the Volume Shadow Copies that the operating system uses for backups.
  • The processes that the ransomware attempts to terminate include system utilities, SCADA platforms, and enterprise management tools, among others.


The bottom line

Like every other modern ransomware, Snake is capable of wreaking havoc on an infected environment. It is crucial to have well-tested and functional backup processes as part of business continuity.