The Enel Group, a power and sustainability company, was hit by EKANS (SNAKE) ransomware on June 7th, affecting its internal network.
The company confirmed that its internal network was disrupted and that it consequently had to isolate its corporate network segment, but its security system caught the malware before it could infect and encrypt.
The EKANS (SNAKE) group was also responsible for a similar attack on Honda a few days earlier.
The company recovered from the attack quite swiftly, and all communications and network connectivity were restored the next day.
Though Enel didn’t disclose which ransomware attacked them, security researchers are placing their bets on SNAKE. David Emm, a principal security researcher at Kaspersky, said: “While the company hasn’t confirmed which ransomware, there have been reports that it is SNAKE, which has been used in the past in targeted ransomware attacks. Nor is it clear how the attackers were able to gain a foothold in the company’s network.”
The spokesperson from Enel said, “The Enel Group informs that on Sunday evening there was a disruption on its internal IT network, following the detection, by the antivirus system, of ransomware.”
“As a precaution, the company temporarily isolated its corporate network in order to carry out all interventions aimed at eliminating any residual risk. The connections were restored safely on Monday early morning.”
“Enel informs that no critical issues have occurred concerning the remote control systems of its distribution assets and power plants, and that customer data have not been exposed to third parties. Temporary disruptions to customer care activities could have occurred for a limited time caused by the temporary blockage of the internal IT network.”
When SNAKE attacks and infects a system, it runs checks on domains and IP addresses to determine whether it is running on the correct network; if not, the ransomware withdraws and does not perform encryption.
Oleg Kolesnikov, a threat researcher at Securonix Research Lab, says that SNAKE differs from the rest of its malware family in the way it uses a “relatively high amount of manual effort/targeting typically involved in the operator placement activity, which can sometimes enable them to have a bigger impact on the victims.”