What is EKANS — and what does it want from you?
- July 16, 2020
It wants your money. And it’s willing to put lives at risk to do it.
We’re answering your security question, “What is EKANS?”
It’s an unusual ransomware that attacks not just office computers, but also the more sensitive industrial computers — and that can mean trouble.
Backwards Snake Attack
The letters “EKANS” appear in the ransomware, thus the name. EKANS is “SNAKE” backwards.
Like its other ransomware friends, EKANS takes over computers, scrambles the files, and demands money to get them back.
But this backwards snake has a special feature. It likes not only your typical office computers, but also industrial computers, like the ones that help run your power plants, gas pipelines and factories.
If EKANS scrambles industrial computer files, it could make things risky enough that the machines have to shut down for safety.
You really don’t want industrial machines to go out of control — they can damage equipment and hurt or kill people.
When EKANS Strikes
Reports say the sneaky snake hit Honda in June, with the company shutting down some of its factories around the world.
EKANS also hit the large energy company Enel the same day, though with much less dramatic results.
Researchers found that the EKANS attackers are improving their tool, adding new tricks to make it more deadly to your data, like the ability to control your protective firewall.
You don’t want this backwards snake sliding into your computers.
Experts say you should make a plan to deal with ransomware before it happens so you can restore your data safely without paying ransom.
Pay up and you might get your data back. And it might have hidden malware inside, just waiting for its next chance to bite.
Plus, paying ransom encourages attackers to take more computers hostage.
Charming the Snake
You can help stop EKANS and other ransomware, no matter where you work, with steps like these:
—Avoid clicking on links in email. If an email requests that you reset your password, go to the site directly instead of clicking.
—Verify email attachments before you open them.
—Do not follow instructions that ask you to disable macros without checking with your IT team. Disabling macros can lead to ransomware infections from infected attachments.
Also watch out for spear phishing, where attackers send you messages personally designed to get you to click.
Be aware that attackers may scour social media for clues to prepare an email they think will make you click.
Main image: Green tree python in its yellow phase. Image: PetlinDmitry/iStock