EKANS ransomware emerged in mid-December 2019. While relatively straightforward as a ransomware sample in terms of encrypting files and displaying a ransom note, EKANS featured additional functionality to forcibly stop a number of processes, including multiple items related to ICS operations. While all indications at present show a relatively primitive attack mechanism on control system networks, the specificity of processes listed in a static “kill list” shows a level of intentionality previously absent from ransomware targeting the industrial space.


Incidents Caused by this Malware

  • June 9, 2020: Honda Manufacturing Attack
  • June 7, 2020: Enel Group Internal IT Network Disruption

Threat Actors Known to use this Malware

No threat actors identified

Pin It on Pinterest

Scroll to Top