March 1, 2021

Volume XI, Number 60

Advertisement

March 01, 2021

Subscribe to Latest Legal News and Analysis

Industrial Control Systems at Risk from Targeted Snake Malware

Researchers at Sentinel One and Dragos have detected malicious code, called EKANS or Snake, that has been designed specifically to target industrial control systems (ICS), including those of oil refineries, manufacturing sites, and electrical and power grids. Although there have been a few successful attacks against ICS in the past, including the destruction of a nuclear enrichment centrifuge in Iran and a blackout in the Ukraine, this appears to be the first time malware specifically designed to target ICS has been discovered.

According to the security researchers and as reported by Wired, EKANS targets ICS and encrypts the ICS data, displaying a ransom note demanding payment, and then terminating 64 different software processes, allowing it to encrypt all files. In addition, the malicious code can actually destroy the software used to monitor the ICS, including pipelines, which means that monitoring or controlling ICS equipment could be interrupted or become impossible, which could have dangerous and devastating consequences.

There is some speculation about who is behind EKANS, but security researchers warn that if EKANS is not state-sponsored, then it is even more concerning. The Wired article notes that “It would represent the first-ever industrial control system malware deployed by non-state cybercriminals.”

Advertisement
Copyright © 2020 Robinson & Cole LLP. All rights reserved.National Law Review, Volume X, Number 37
Advertisement
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

401-709-3353
Advertisement
Advertisement