Snake Ransomware, a new family of ransomware like
Ryuk,
Maze,
REvil. It written in GoLang, an opensource language, which is becoming popular among exploit writers. It encrypts data of its victim and appended EKANS and the end of the file. EKANS is reverse for SNAKE, hence the name. It assign arbitrary extension to its victim's encrypted files which make its classification difficult.
SNAKE ransomware does not only encrypt data on victim machine but also on available network resources like shares, Z: drives. Its deletes operating systems shadow copies to prevent recovery in case of backups. If it find running process of SCADA systems, enterprise management tools, system utilities or any other related tools/utilites it first close them before encryption.
SNAKE Ransomware Sample Signatures
Family: Ransom:Win32/Killpror!MSR
MD5: 3d1cc4ef33bad0e39c757fce317ef82a
SHA256: e5262db186c97bbe533f0a674b08ecdafa3798ea7bc17c705df526419c168b60
SNAKE Ransomware Sample Download
