EKANS: The Smart Ransomware
- Published: Wednesday, July 8, 2020
Ransomware is getting smarter. The EKANS variant has the ability to target potential victims, attacking industrial control systems and then confirming the target by resolving the domain to its IP lists. If the target is not the intended victim, the malware routine will exit. If the target is a match, the ransomware will begin to spread and look for vulnerable machines to compromise.
EKANS ransomware also has the ability to turn off the host firewall and block the anti-virus from communicating with the agent. The malware will identify and stop specific services and processes, and then it will delete shadow copies and begin encrypting files.
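The behaviour chain described above (firewall disabled, services and processes stopped in bulk, shadow copies deleted) can be hunted for as a cluster on a single host. The following is an added example, not code from the original article: the command-line patterns are generic Windows indicators assumed for illustration (the article does not say how EKANS performs each step), and the hosts, service names and events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed command-line patterns for each behaviour the article lists; the page
# does not say how EKANS performs them, so these are generic Windows indicators.
STAGES = {
    "firewall_off": re.compile(r"netsh\s+advfirewall\s+set\s+\S+\s+state\s+off", re.I),
    "service_stop": re.compile(r"\b(net(\.exe)?\s+stop|sc(\.exe)?\s+stop|taskkill(\.exe)?\s+/)", re.I),
    "shadow_delete": re.compile(r"(vssadmin(\.exe)?\s+delete\s+shadows|shadowcopy\s+delete)", re.I),
}
WINDOW = timedelta(minutes=10)   # all stages must fall inside this span
MIN_STOPS = 3                    # one stopped service is routine admin work

# Constructed process-creation events (host, ISO timestamp, command line).
SAMPLE_EVENTS = [
    ("hmi-01", "2020-07-08T02:00:05", "netsh advfirewall set allprofiles state off"),
    ("hmi-01", "2020-07-08T02:00:20", "net stop MSSQLSERVER"),
    ("hmi-01", "2020-07-08T02:00:21", "sc stop SomeHistorianSvc"),
    ("hmi-01", "2020-07-08T02:00:23", "taskkill /F /IM backupagent.exe"),
    ("hmi-01", "2020-07-08T02:01:10", "vssadmin delete shadows /all /quiet"),
    ("ws-17", "2020-07-08T09:15:00", "net stop Spooler"),
    ("ws-17", "2020-07-08T14:40:00", "vssadmin list shadows"),
]

def classify(cmdline):
    """Return the stage name a command line matches, or None."""
    for stage, pattern in STAGES.items():
        if pattern.search(cmdline):
            return stage
    return None

def suspicious_hosts(events):
    """Hosts where firewall-off, bulk stops and shadow deletion cluster in WINDOW."""
    per_host = defaultdict(list)
    for host, ts, cmd in events:
        stage = classify(cmd)
        if stage:
            per_host[host].append((datetime.fromisoformat(ts), stage))
    flagged = []
    for host, hits in per_host.items():
        hits.sort()
        for start, _ in hits:
            seen = [s for t, s in hits if start <= t <= start + WINDOW]
            if set(seen) == set(STAGES) and seen.count("service_stop") >= MIN_STOPS:
                flagged.append(host)
                break
    return sorted(flagged)

if __name__ == "__main__":
    print(suspicious_hosts(SAMPLE_EVENTS))
```

Requiring all three stages inside one window keeps routine administration, such as the single service restart on the constructed host ws-17, from raising an alert.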
EKANS also has built-in obfuscation abilities that will enable it to evade detection.
This is just one example of how ransomware is evolving to become more sophisticated and targeted. The EKANS malware family is specifically targeting industrial control systems, but other variants could easily be written in order to target other areas of commerce, finance or government institutions.