TT Malware Log

A personal survey, research, and reference log on malware / cyber attacks / analysis techniques

SNAKE Ransomware Is the Next Threat Targeting Business Networks

【Figures】



Source: https://malpedia.caad.fkie.fraunhofer.de/details/win.snake


【Overview】

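| Item | Details |
|---|---|
| Language | Golang |
| Function | Deletes the computer's Shadow Volume Copies |
| | Kills numerous processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software, and so on |
| | Encrypts the files on the device |
| Extension | Appends a 5-character string to the file extension |
| Identification | Appends the string EKANS at the very end (Snake reversed) |
| Ransom note | C:\Users\Public\Desktop\Fix-Your-Files.txt (created after encryption completes) |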


【News】

◆SNAKE Ransomware Is the Next Threat Targeting Business Networks (BleepingComputer, 2020/01/08 03:30)
https://www.bleepingcomputer.com/news/security/snake-ransomware-is-the-next-threat-targeting-business-networks/


【Related summary articles】

Overall summary
 ◆Malware (summary)

◆Ransomware (summary)
https://malware-log.hatenablog.com/entry/Ransomware

 ◆Programming languages (summary)

◆Golang (summary)
https://malware-log.hatenablog.com/entry/Golang


【Indicator information】

■Hash information (SHA256) - Snake Ransomware -

e5262db186c97bbe533f0a674b08ecdafa3798ea7bc17c705df526419c168b60

(The above is information from MalwareHunterTeam; quoted from https://www.bleepingcomputer.com/news/security/snake-ransomware-is-the-next-threat-targeting-business-networks/ )


■Ransom note - Snake Ransomware -

                                                                                      • -
What happened to your files?
                                                                                      • -

We breached your corporate network and encrypted the data on your computers. The encrypted data includes documents, databases, photos and more -

all were encrypted using a military grade encryption algorithms (AES-256 and RSA-2048). You cannot access those files right now. But dont worry!

You can still get those files back and be up and running again in no time.

                                                                                        • -
How to contact us to get your files back?
                                                                                        • -

The only way to restore your files is by purchasing a decryption tool loaded with a private key we created specifically for your network.

Once run on an effected computer, the tool will decrypt all encrypted files - and you can resume day-to-day operations, preferably with

better cyber security in mind. If you are interested in purchasing the decryption tool contact us at bapcocrypt@ctemplar.com

                                                                                                            • -
How can you be certain we have the decryption tool?
                                                                                                            • -

In your mail to us attach up to 3 files (up to 3MB, no databases or spreadsheets).

We will send them back to you decrypted.


■Ransom note - Snake Ransomware -

Fix-Your-Files.txt


【Search】

google:e5262db186c97bbe533f0a674b08ecdafa3798ea7bc17c705df526419c168b60


【VT search】

https://www.virustotal.com/gui/file/e5262db186c97bbe533f0a674b08ecdafa3798ea7bc17c705df526419c168b60


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2023