Enel Group, a power company, was targeted by a ransomware attack by EKANS (SNAKE) ransomware operators that affected its internal network, according to recent reports.
The EKANS (SNAKE) ransomware attack on The Enel Group was first detected on June 7.
The company reportedly confirmed that its internal IT network was subject to a ransomware attack, which fortunately was detected by antivirus software before the malware could infect it.
Dealing with the incident meant the company had to isolate its corporate network for a while.
David Emm, Principal Security Researcher at Kaspersky, commented: “While the company hasn’t confirmed which ransomware, there have been reports that it is SNAKE, which has been used in the past in targeted ransomware attacks. Nor is it clear how the attackers were able to gain a foothold in the company’s network.
“The disruption appears to have been limited and related to the measures taken by Enel to deal with the infection.
“Hackers seek to exploit vulnerabilities they can find in a system, including human fallibilities, to infiltrate networks – for many types of cyber-attack. So, it’s vital that companies take steps to make their network as resilient as possible.”
Emm suggested the following measures for companies:
- Protect all corporate devices
- Apply updates to operating systems and applications
- Limit access to the network, and data stored on it, to those who need it
- Ensure that staff use complex, unique passwords and multi-factor authentication to access corporate systems
- Back up data regularly and ensure that backup drives are kept offline
- Educate staff about the risks of clicking on attachments or links in unsolicited messages
The Enel Group has now released a statement saying that the network was isolated to “carry out all interventions aimed at eliminating any residual risk” and that all connectivity was restored early on June 8.
The company spokesperson then continued: “The Enel Group informs that on Sunday evening there was a disruption on its internal IT network, following the detection, by the antivirus system, of a ransomware.
“As a precaution, the company temporarily isolated its corporate network in order to carry out all interventions aimed at eliminating any residual risk. The connections were restored safely on Monday early morning.
“Enel informs that no critical issues have occurred concerning the remote-control systems of its distribution assets and power plants, and that customer data have not been exposed to third parties. Temporary disruptions to customer care activities could have occurred for a limited time caused by the temporary blockage of the internal IT network.”
Enel was unavailable for further explanation and did not comment on the name of the ransomware used in the attack, although a researcher reportedly identified a SNAKE/EKANS sample.