Saturday, 25 June, 2022

New ransomware ‘Snake’ linked to Iran, Israeli firm says it targets industrial systems

Israeli cybersecurity firm said that the ransomware called “Snake,” like others of its kind, encrypts programs and documents on infected machines.


Jerusalem: An Israeli cybersecurity firm said it believes a new strain of ransomware was created by Iran and has the ability to lock up or even delete industrial control systems.

Tel Aviv-based Otorio, a cybersecurity firm which specializes in industrial control systems (ICS), said that the ransomware called “Snake,” like others of its kind, encrypts programs and documents on infected machines. But it also removes all file copies from infected stations, preventing the victims from recovering encrypted files.

Snake, which was recently discovered, searches for hundreds of specific programs — including many industrial processes that belong to General Electric Co. — in order to terminate them and allow it to encrypt the files, Otorio said.

“Deleting or locking targeted ICS processes would prohibit manufacturing teams from accessing vital production-related processes including analytics, configuration and control,” Otorio said in a statement. “This is the equivalent of both blindfolding a driver and then taking away the steering wheel.”

Multiple calls to the Iranian Foreign Ministry went unanswered.

In a statement, a General Electric representative said, “GE is aware of reports of a ransomware family with an industrial control system specific functionality. Based on our understanding, the ransomware is not exclusively targeting GE’s ICS products, and it does not target a specific vulnerability in GE’s ICS products.”

GE would work with customers to provide support as needed, the representative said.

Otorio researchers began investigating the ransomware earlier this month and soon realized it was one of the first designed to target the industrial sector. As they dug further, the researchers found that Bahrain Petroleum Co., known as Bapco for short, was potentially vulnerable to this new cyber threat.

Not only does Bapco use GE equipment, its name was found in the malware’s code, Otorio said.

“There are findings and fingerprints inside the malware that when taken into account with the circumstances surrounding this campaign make it highly unreasonable that Snake was carried out by a different actor other than Iran,” the Otorio report said.

Boosting the researchers’ confidence that Snake originated in Iran was an alleged separate attack on Bapco carried out in parallel with the finding of Snake.

“It is highly unlikely that a Gulf-area company will be attacked by two different potent actors, each targeting a different part of the organization at the same time,” the researchers said in an email.

Multiple calls to Bapco went unanswered.

Otorio Chief Executive Officer Danny Bren, former joint chief of cyber defense in the Israeli military, said that an Iranian choice of Bapco as a potential target wouldn’t be incidental.

“The target was picked carefully because they want to change oil prices,” he said. “This is financial warfare. The world is putting a lot of financial tension on Iran and they are reacting with the same tool.”

Former U.S. officials and security experts have expressed concern that Iran may be considering a cyber-attack against the U.S. or its allies after an American airstrike in Baghdad earlier this month killed Qassem Soleimani, the Iranian major general who led the Islamic Revolutionary Guard’s Quds force. Iran holds an arsenal of malware, and Otorio said Snake was likely created before the general’s assassination.

-Bloomberg
