Industrial Control Systems (ICS) are said to be under attack right now through hacking attempts targeted at them. For this reason, it is important to understand how these systems are being attacked so that a defense can be found. A study has therefore been done to understand how ICS all over the world are being affected by a ransomware known as EKANS. The report has results to show, since samples have been found that reveal how this ransomware targets ICS.
The researchers have said that EKANS ransomware continues to be “lucrative for threat actors”, meaning that it is still the preferred and reliable method for hackers to use in order to get inside ICS. According to the data, only one third of the total reports of malware incidents are due to this ransomware, but “when applied to core, critical systems, such as utilities and manufacturing, an infection can be devastating, disruptive, and key services may feel incredible pressure to pay a ransom”.
As for the samples found by the researchers, they were collected in May and June of this year, and the researchers report that “Both Windows-based samples are written in GO, a programming language widely used in the malware development community as it is relatively easy to compile to work on different operating systems”.
From the samples, it has been determined that the ransomware EKANS “has been designed to deliberately select its victims. The malware will try to confirm its target by resolving the domain belonging to a victim company and comparing this information to IP lists. If the target status is not confirmed, the routine exits”. Furthermore, per the sample analysis, “the ransomware will scan for domain controllers to compromise” once its target has been locked.