What is EKANS Ransomware, How it Works and How to Protect from It?

What is EKANS Ransomware

The new EKANS ransomware is the first for-profit strain of ransomware that primarily targets industrial control systems.

How the EKANS Ransomware Works 

This isn't the first time that criminals have targeted industrial facilities with ransomware, but past incidents essentially used a more standard ransomware variant to try to shut down ordinary PCs that were part of the system. The EKANS ransomware, which was first seen in December 2019, is the first for-profit strain designed to shut down specific processes known to be used in industrial control systems made by GE and other major manufacturers.

In addition to shutting down these processes, the EKANS ransomware encrypts data and leaves a ransom note. Researchers with security firms Sentinel One and Dragos have traced the development and deployment of EKANS back to a predecessor called MegaCortex, a strain of ransomware that appeared a year ago and was aimed at a broader range of enterprise-scale businesses. Sentinel One tracked the origins of the ransomware to the United Kingdom, based on references in it to the names of certain shops in Sunderland. Researchers with Sophos believe that the MegaCortex ransomware authors are connected to whoever made the Rietspoof malware family that appeared in mid-2019 and mainly spread through Skype spam.

As the identity of the creators of any of these strains has yet to be confirmed, it is possible that the EKANS ransomware could be a ploy by a state-sponsored actor to cover the tracks of infrastructure probing and surveillance. Even so, industrial control systems do make sense as a target for cybercriminals seeking financial gain. At the very least, these organizations would probably find a modest ransom demand to be considerably more affordable than an extended period of downtime. It is also possible that very expensive equipment could be destroyed, or even genuinely hazardous safety conditions created, should the ability to control and monitor hardware be locked out at the wrong moment.

No victims have come forward to confirm that they have been hit by the EKANS ransomware; however, Sentinel One is fairly certain that Bahraini national oil company Bapco was struck. The industrial control systems used at Bapco are used in manufacturing systems as well as at refineries, so there could be a very broad range of victims and potential targets.

Protection from EKANS 

It isn't yet known how the EKANS ransomware is being delivered to victims. The security researchers recommend that these industrial control systems be segmented from the ordinary Windows systems on the rest of the network wherever possible, as it is believed that attackers use standard footholds (such as phishing emails) to gain their initial access. Regular offline backups that include configuration data are also recommended.

As Tim Erlin, VP of product management and strategy at Tripwire, observed:
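One way to check that the recommended segmentation actually holds is to audit accepted network flows for traffic crossing the IT/ICS boundary. The following is an added example, not part of the original article; the subnets, the jump host, the allow-list and the flow-record format are all constructed assumptions.

```python
import ipaddress

# Assumed (constructed) network plan: replace with your own addressing.
IT_NET = ipaddress.ip_network("10.10.0.0/16")   # ordinary Windows systems
ICS_NET = ipaddress.ip_network("10.50.0.0/16")  # industrial control segment
# Assumed allow-list: only a jump host may reach ICS, and only on these ports.
ALLOWED = {(ipaddress.ip_address("10.10.5.20"), 3389),
           (ipaddress.ip_address("10.10.5.20"), 22)}

# Constructed flow records in the form "src dst dst_port action".
SAMPLE_FLOWS = """\
10.10.5.20 10.50.1.10 3389 ACCEPT
10.10.7.44 10.50.1.10 445 ACCEPT
10.10.7.44 10.50.1.11 445 DENY
10.50.1.10 10.10.9.9 443 ACCEPT
10.10.7.45 10.10.7.46 445 ACCEPT
garbage line
"""

def parse_flow(line):
    """Return (src, dst, port, action), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1]),
                int(parts[2]), parts[3].upper())
    except ValueError:
        return None

def segmentation_violations(flow_text):
    """List accepted flows that cross the IT/ICS boundary outside the allow-list."""
    findings = []
    for line in flow_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        src, dst, port, action = flow
        if action != "ACCEPT":
            continue  # a denied flow means the boundary held
        if src in IT_NET and dst in ICS_NET and (src, port) not in ALLOWED:
            findings.append(("IT->ICS", str(src), str(dst), port))
        elif src in ICS_NET and dst in IT_NET:
            # Assumption: ICS hosts should not initiate connections into IT.
            findings.append(("ICS->IT", str(src), str(dst), port))
    return findings

if __name__ == "__main__":
    for finding in segmentation_violations(SAMPLE_FLOWS):
        print(finding)
```
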

"Ransomware, or any malware, can't simply mysteriously appear on your systems. It needs an instrument for sending, generally an unpatched defenselessness, misconfiguration, or effective phishing. While the development of the malware itself is interesting and concerning, any organization with an industrial footprint should concentrate on defending against these initial intrusion points. Doing the essentials well can drastically lessen the probability of an effective ransomware attack."

"While focusing on the innovation of an item to monitor and identify the malware, it's basic to consider that organizations ought to have an engaging and instructive security mindfulness training project to help their operators, employees, and officials know. They ought to be educated on current phishing attacks and the means they have to take to forestall a ransomware attack from launching on their network."

As a best practice, rely on cloud antivirus techniques to provide top protection.
