A ransomware attack on the Enel Group, bearing the mark of EKANS, was detected on the 7th of June.
First, who are the Enel Group? Well, the Enel Group is a multinational company that specialises in electricity generation as well as the distribution of electricity and natural gas. It has its roots in Rome and was first established at the end of 1962.
The company apparently confirmed its internal network was affected by a ransomware attack, which was caught by their antivirus software before the included malware could take effect. The company had to isolate its network for a short time.
David Emm, a security researcher at Kaspersky, commented: “While the company hasn’t confirmed which ransomware, there have been reports that it is SNAKE, which has been used in the past in targeted ransomware attacks. Nor is it clear how the attackers were able to gain a foothold in the company’s network. The disruption appears to have been limited and related to the measures taken by Enel to deal with the infection.”
“Hackers seek to exploit vulnerabilities they can find in a system, including human fallibilities, to infiltrate networks – for many types of cyber-attack. So it’s vital that companies take steps to make their network as resilient as possible.”
Emm gave this advice:
- Educate staff about the risks of opening attachments or links in unsolicited messages.
- Protect all devices.
- Apply updates to operating systems and applications.
- Back up data regularly and ensure that backup drives are kept offline.
- Limit access to the network, and data stored on it, to those who truly need it.
- Ensure that staff use complex, unique passwords and multi-factor authentication to access corporate systems.
In a comment, The Enel Group said isolating the network was to “carry out all interventions aimed at eliminating any residual risk” and that all connectivity was restored early, on the 8th of June.
A company spokesperson said: “The Enel Group informs that on Sunday evening there was a disruption on its internal IT network, following the detection, by the antivirus system, of a ransomware. … Enel informs that no critical issues have occurred concerning the remote control systems of its distribution assets and power plants, and that customer data have not been exposed to third parties.”
Enel was unavailable for any further explanation and didn’t comment on the type of ransomware used in the attack, though a researcher identified the ransomware as SNAKE/EKANS.
Ekans (Japanese: アーボ) is a Poison-type Pokémon, introduced in Generation One. It evolves into Arbok, starting at level 22.