Security researchers have observed samples of the new SNAKE ransomware family targeting organizations’ entire corporate networks.
Discovered by MalwareHunterTeam and analyzed by Vitali Kremez, SNAKE is written in Golang and contains a high level of obfuscation.
Upon successful infection, the ransomware deletes the machine’s Shadow Volume Copies before terminating various processes associated with SCADA systems, network management solutions, virtual machines and other tools. It then proceeds to encrypt the machine’s files while skipping over important Windows folders and system files. As part of this process, it appends “EKANS” as a file marker along with a five-character string to the file extension of each file it encrypts.