SNAKE Ransomware Affected Enel Group's Internal Network | Tripwire

SNAKE Ransomware Affected Enel Group's Internal Network

Posted on June 12, 2020
Phorpiex Botnet Named "Most Wanted Malware" in November 2020
Italian multinational energy company Enel Group suffered a SNAKE ransomware infection that affected its internal network. According to a statement issued by Enel Group, the ransomware attack first registered with the energy company on June 7 when its internal IT network suffered a disruption. A spokesperson for the company said that officials isolated its corporate network to address the infection. Officials then restored those connections on June 8. As quoted in a statement shared by Bleeping Computer:
The Enel Group informs that on Sunday evening there was a disruption on its internal IT network, following the detection, by the antivirus system, of a ransomware. As a precaution, the Company temporarily isolated its corporate network in order to carry out all interventions aimed at eliminating any residual risk. The connections were restored safely on Monday early morning.Enel informs that no critical issues have occurred concerning the remote control systems of its distribution assets and power plants, and that customer data have not been exposed to third parties. Temporary disruptions to customer care activities could have occurred for a limited time caused by the temporary blockage of the internal IT network.
The spokesperson for Enel Group did not provide details on what type of crypto-malware was involved in the attack or how the ransomware had infiltrated the company's network.
logo-enel-v2.png
As reported by Bleeping Computer, a security researcher who goes by the handle "Milkream" found a SNAKE sample submitted to VirusTotal on June 7. Analysis revealed that that sample checked for "enelint.global," a domain owned by Enel Group and which redirected to the company's international page. Additionally, security researcher Germán Fernández found exposed Remote Desktop Protocol (RDP) connections that pertained to machines on “enelint.global." It's therefore possibly that SNAKE infiltrated the company via those open connections. Having arrived about a month after news of a worldwide SNAKE campaign, the attack described above highlights the need for organizations to defend themselves against a ransomware attack. They can do so by taking steps to prevent a ransomware infection in the first place.
Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!