New Ransomware Targets Industrial Control Systems 🖥

In recent months, researchers have caught ransomware “intentionally tampering with industrial control systems that dams, electric grids, and gas refineries rely on to keep equipment running safely,” reports Ars Technica. According to researchers at the security firm Dragos, the ransomware (which Dragos calls Ekans) tries to kill 64 different processes, the names of which are all hard-coded within the malware.
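Because the targeted process names are hard-coded as plain strings and the malware kills them in one pass, a defender gets two cheap checks: a strings-style scan of a sample against a watchlist of ICS/engineering-software process names, and a burst detector over process-termination telemetry (Windows Security event 4689 or Sysmon, once normalised). The block below is an added example written for this page; it is not code from Dragos or Ars Technica, and the watchlist, the sample bytes and the log events are all constructed for illustration, not the actual 64-entry list from the Ekans sample.

```python
"""Two checks against process-killing ransomware of the kind described above.

1. Static: recover watchlisted process names stored as plain ASCII or UTF-16LE
   strings in a sample, without running it.
2. Dynamic: alert when several distinct watchlisted processes are terminated on
   one host inside a short window, which is the burst such malware produces.

Every process name, byte string and event here is constructed for the example.
"""
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed watchlist; in practice derive it from the vendor install footprint.
ICS_WATCHLIST = {
    "hmiserver.exe", "historian.exe", "opcserver.exe", "plcmonitor.exe",
    "scadaruntime.exe", "alarmsvc.exe",
}

# Constructed blob standing in for a sample's data section: ASCII and UTF-16LE
# strings mixed with junk bytes, as Windows binaries commonly store them.
SAMPLE_BLOB = (
    b"\x00\x00MZ\x90\x00" + b"hmiserver.exe\x00" + b"\x01\x02"
    + "opcserver.exe".encode("utf-16-le") + b"\x00\x00"
    + b"notepad.exe\x00" + b"scadaruntime.exe\x00" + b"\xff\xfe"
)

ASCII_RE = re.compile(rb"[\x20-\x7e]{4,}")
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")


def extract_strings(blob: bytes) -> set[str]:
    """Printable ASCII and UTF-16LE strings of length >= 4, lower-cased."""
    found = {m.group().decode("ascii") for m in ASCII_RE.finditer(blob)}
    found |= {m.group().decode("utf-16-le") for m in UTF16_RE.finditer(blob)}
    return {s.lower() for s in found}


def hardcoded_targets(blob: bytes, watchlist=ICS_WATCHLIST) -> set[str]:
    """Watchlisted process names that appear as plain strings in the sample."""
    return extract_strings(blob) & set(watchlist)


# Constructed termination events as a SIEM would normalise them:
# (ISO timestamp, host, image name). The lone kill on eng-ws02 is a routine
# service restart and must not alert; the run on eng-ws01 must.
EVENTS = [
    ("2020-02-03T10:00:00", "eng-ws01", "chrome.exe"),
    ("2020-02-03T10:01:10", "eng-ws01", "hmiserver.exe"),
    ("2020-02-03T10:01:11", "eng-ws01", "historian.exe"),
    ("2020-02-03T10:01:11", "eng-ws01", "opcserver.exe"),
    ("2020-02-03T10:01:12", "eng-ws01", "alarmsvc.exe"),
    ("2020-02-03T10:01:30", "eng-ws01", "explorer.exe"),
    ("2020-02-03T14:00:00", "eng-ws02", "hmiserver.exe"),
]


def detect_kill_bursts(events, watchlist=ICS_WATCHLIST, threshold=3, window_s=10):
    """Alert once per host when >= threshold distinct watchlisted processes die
    within window_s seconds. Counting distinct names keeps a single crash-looping
    service from tripping the rule. Returns (host, first_kill_iso, names) tuples.
    """
    window = timedelta(seconds=window_s)
    recent: dict[str, deque] = {}
    alerts, alerted = [], set()
    for ts, host, image in sorted(events):
        name = image.lower()
        if name not in watchlist:
            continue
        t = datetime.fromisoformat(ts)
        q = recent.setdefault(host, deque())
        q.append((t, name))
        while q and t - q[0][0] > window:  # slide the window forward
            q.popleft()
        names = {n for _, n in q}
        if len(names) >= threshold and host not in alerted:
            alerted.add(host)
            alerts.append((host, q[0][0].isoformat(), sorted(names)))
    return alerts


if __name__ == "__main__":
    print("hard-coded ICS targets in sample:", sorted(hardcoded_targets(SAMPLE_BLOB)))
    for host, first, names in detect_kill_bursts(EVENTS):
        print(f"ALERT {host}: {len(names)} ICS processes killed from {first}: {names}")
```

The static check only works while the names stay unobfuscated, which the Dragos figure shows was the case here; the dynamic check does not depend on that, and a threshold of three distinct watchlisted terminations in ten seconds is far above what legitimate maintenance on an engineering workstation produces.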

https://dragos.com/wp-content/uploads/Figure-3.png

Long-time Slashdot reader Garabito shared Ars Technica’s report:

It remains unclear precisely what effect the killing of those processes would have on the safety of operations inside infected facilities… Monday’s report described Ekans’ ICS targeting as minimal and crude because the malware simply kills various processes created by widely used ICS programs. That’s a key differentiator from ICS-targeting malware discovered over the past few years with the ability to do much more serious damage. One example is Industroyer, the sophisticated malware that caused a power outage in Ukraine in December 2016 in a deliberate and well-executed attempt to leave households without electricity in one of the country’s coldest months…

https://dragos.com/wp-content/uploads/Figure-2.png

Another reason Dragos considers Ekans to be a “relatively primitive attack” is that the ransomware has no mechanism to spread. That makes Ekans much less of a threat than ransomware such as Ryuk, which quietly collects credentials for months on infected systems so it can eventually proliferate widely through almost all parts of a targeted network.
