Ekans ransomware was first discovered in mid-December 2019. Ekans has been identified as a variant of MegaCortex, which was originally discovered in January 2019 and updated in June 2019 to exhibit capabilities similar to those of Ekans ransomware.
The capabilities of Ekans ransomware go beyond traditional file encryption: it scours systems for critical processes in order to kill those associated with ICS operations. Targets include critical processes used by Proficy, Erlang, Nimsoft and FlexNet, as well as many similar software products and resources.
With no autonomous propagation mechanism, the malware relies on email, internet download or script to propagate, further emphasizing the importance of proper security controls and effective segmentation policies between the information technology (IT) network and the operational technology (OT) network.