Looks like the Snake ransomware was created especially for network-wide attacks .
What we know about the Snake Ransomware
Like most ransomware, Snake doesn’t touch your operating system files and programs, so your computer will still boot up, log in, and let you open your favourite apps, so that in purely technical terms you have a working system
…but all your important data files, such as documents, spreadsheets, photos, videos, music, tax returns, business plans, accounts payable and accounts receivable, are scrambled with a randomly chosen encryption key.
When started Snake will remove the computer’s Shadow Volume Copies and then kill numerous processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software, and more.
Scrambled files consist of the encrypted content written back over the original data, with decryption information added at the end:
Since network administrators didn’t already have enough on their plate, they now have to worry about a new ransomware called SNAKE that is targeting their networks and aiming to encrypt all of the devices connected to it.
Snack Ransomware main target : SMB Enterprise targeting, or big-game hunting, ransomware are used by threat actors that infiltrate a business network, gather administrator credentials, and then use post-exploitation tools to encrypt the files on all of the computers on the network.
Snake Ransomware Filename and directory
. SNAKE all file.
What happened to your Document files?
Snack Ransomware file recover possible?
No.
What to do?
- Don’t run unexpected attachments.
- Don’t open up remote access to your network unless you really mean to
- Don’t ignore warning signs in your security logs.
- Don’t let users talk you into softening up login security.
- Don’t rely entirely on real-time, online backups.
- Don’t Use remote app like Windows Remote desktop, Anydesk, Ammy admin, Teamview etc.