New ransomware doesn’t just encrypt data. It also meddles with critical infrastructure
Dan Goodin reports on yet another sinister development involving ransomware attacks and strains:
A ransomware strain discovered last month and dubbed Ekans contains the usual routines for disabling data backups and mass-encrypting files on infected systems. But researchers at security firm Dragos found something else that has the potential to be more disruptive: code that actively seeks out and forcibly stops applications used in industrial control systems, which is usually abbreviated as ICS. Before starting file-encryption operations, the ransomware kills processes listed by process name in a hard-coded list within the encoded strings of the malware.
Read more on Ars Technica.