Snake Ransomware, a new family of ransomware like Ryuk
. It written in GoLang, an opensource language, which is becoming popular among exploit writers. It encrypts data of its victim and appended EKANS and the end of the file. EKANS is reverse for SNAKE, hence the name. It assign arbitrary extension to its victim's encrypted files which make its classification difficult.
SNAKE ransomware does not only encrypt data on victim machine but also on available network resources like shares, Z: drives. Its deletes operating systems shadow copies to prevent recovery in case of backups. If it find running process of SCADA systems, enterprise management tools, system utilities or any other related tools/utilites it first close them before encryption.
SNAKE Ransomware Sample Signatures
SNAKE Ransomware Sample Download