Researchers at SentinelOne and Dragos have detected malicious code, called EKANS or Snake, that has been designed specifically to target industrial control systems (ICS), including those of oil refineries, manufacturing sites, and electrical and power grids. Although there have been a few successful attacks against ICS in the past, including the destruction of a nuclear enrichment centrifuge in Iran and a blackout in Ukraine, this appears to be the first time malware specifically designed to target ICS has been discovered.
According to the security researchers and as reported by Wired, EKANS targets ICS and encrypts the ICS data, displays a ransom note demanding payment, and then terminates 64 different software processes, allowing it to encrypt all files. In addition, the malicious code can destroy the software used to monitor ICS, including pipelines, so monitoring or controlling ICS equipment could be interrupted or become impossible, which could have dangerous and devastating consequences.
There is some speculation about who is behind EKANS, but security researchers warn that if EKANS is not state-sponsored, then it is even more concerning. The Wired article notes that “It would represent the first-ever industrial control system malware deployed by non-state cybercriminals.”