[BreachExchange] Enel Group attacked by SNAKE ransomware same as Honda

Destry Winant destry at riskbasedsecurity.com
Wed Jun 17 10:10:43 EDT 2020


https://www.ehackingnews.com/2020/06/enel-group-attacked-by-snake-ransomware.html

The Enel Group, a power and sustainability company, was hit by EKANS
(SNAKE) ransomware on June 7th, affecting its internal network.


The company confirmed that its internal network was disrupted and that
it consequently had to isolate its corporate network segment, but its
security system caught the malware before it could infect and encrypt.
The EKANS (SNAKE) group was also responsible for a similar attack on
Honda a few days earlier.

The company recovered from the attack quite swiftly, and all
communications and the network were restored the next day.

Though Enel didn't disclose which ransomware attacked them, security
researchers are placing their bets on SNAKE. David Emm, a principal
security researcher at Kaspersky, said: “While the company hasn’t
confirmed which ransomware, there have been reports that it is SNAKE,
which has been used in the past in targeted ransomware attacks. Nor is
it clear how the attackers were able to gain a foothold in the
company’s network.”

The spokesperson from Enel said, “The Enel Group informs that on
Sunday evening there was a disruption on its internal IT network,
following the detection, by the antivirus system, of ransomware.”

“As a precaution, the company temporarily isolated its corporate
network in order to carry out all interventions aimed at eliminating
any residual risk. The connections were restored safely on Monday
early morning.”

“Enel informs that no critical issues have occurred concerning the
remote control systems of its distribution assets and power plants,
and that customer data have not been exposed to third parties.
Temporary disruptions to customer care activities could have occurred
for a limited time caused by the temporary blockage of the internal IT
network.”

When SNAKE attacks and infects a system, it runs checks on domains and
IP addresses to determine whether it is running on the correct network;
if not, the ransomware withdraws and doesn't perform encryption.

Oleg Kolesnikov, a threat researcher at Securonix Research Lab, says
that SNAKE is different from others in its family of malware because of
the "relatively high amount of manual effort/targeting
typically involved in the operator placement activity, which can
sometimes enable them to have a bigger impact on the victims."

