(Bloomberg) -- An Israeli cybersecurity firm said it believes a new strain of ransomware was created by Iran and has the ability to lock up or even delete industrial control systems.
Tel Aviv-based Otorio, a cybersecurity firm which specializes in industrial control systems (ICS), said that the ransomware called “Snake,” like others of its kind, encrypts programs and documents on infected machines. But it also removes all file copies from infected stations, preventing the victims from recovering encrypted files.
Snake, which was recently discovered, searches for hundreds of specific programs -- including many industrial processes that belong to General Electric Co. -- in order to terminate them and allow it to encrypt the files, Otorio said.
“Deleting or locking targeted ICS processes would prohibit manufacturing teams from accessing vital production-related processes including analytics, configuration and control,” Otorio said in a statement. “This is the equivalent of both blindfolding a driver and then taking away the steering wheel.”
Multiple calls to the Iranian Foreign Ministry went unanswered.
In a statement, a General Electric representative said, “GE is aware of reports of a ransomware family with an industrial control system specific functionality. Based on our understanding, the ransomware is not exclusively targeting GE’s ICS products, and it does not target a specific vulnerability in GE’s ICS products.”
GE would work with customers to provide support as needed, the representative said.
Otorio researchers began investigating the ransomware earlier this month and soon realized it was one of the first designed to target the industrial sector. As they dug further, the researchers found that Bahrain Petroleum Co. -- known as Bapco for short -- was potentially vulnerable to this new cyber threat.
Not only does Bapco use GE equipment, its name was found in the malware’s code, Otorio said.
“There are findings and fingerprints inside the malware that when taken into account with the circumstances surrounding this campaign make it highly unreasonable that Snake was carried out by a different actor other than Iran,” the Otorio report said.
Boosting the researchers’ confidence that Snake originated in Iran was an alleged separate attack on Bapco carried out in parallel with the finding of Snake.
“It is highly unlikely that a Gulf-area company will be attacked by two different potent actors, each targeting a different part of the organization at the same time,” the researchers said in an email.
Multiple calls to Bapco went unanswered.