SNAKEHOSE Ransomware Kills Some OT/ICS Processes, Potentially to Increase Impact presented at ICSCyberSecurityConference 2020

by Yihao Lim

Summary: The ransomware family tracked by FireEye as SNAKEHOSE (also known as SNAKE) is written in Go and obfuscated with gobfuscate. Files are encrypted using a combination of the AES and RSA algorithms and cannot be recovered without access to the corresponding RSA private key.

Recent public reporting on this family claims that the malware contains functionality to kill "numerous" processes related to OT/ICS. FireEye's analysis of SNAKEHOSE mainly identified targeted processes related to anti-virus, backups, networking, and system utilities. The only OT/ICS-specific functionality uncovered by FireEye is the ability to kill processes associated with GE's Proficy, a suite used for historians and human-machine interfaces (HMIs).

Attend this session for a deep dive on this malware and learn more about its capabilities.