Ensiko Malware Targets and Encrypts Multiple Platforms
NJCCIC Alert
Original Release Date: 7/30/2020
Summary
Researchers from Trend Micro discovered a password-protected webshell, dubbed Ensiko, that targets multiple platforms, including Windows, macOS, Linux, and any other platform with PHP installed. Ensiko exploits web application vulnerabilities or gains access to an already-compromised web server, and then remotely controls the system and encrypts files using the Rijndael encryption algorithm. The malware has a long list of capabilities, including scanning servers for the presence of other webshells, defacing websites, sending mass emails, downloading remote files, disclosing affected server information, overwriting files with specified extensions, and running brute-force attacks on FTP, cPanel, and Telnet.
Recommendations
The NJCCIC recommends users adopt a defense-in-depth cybersecurity strategy, keep systems patched and up to date, maintain cybersecurity best practices, ensure a comprehensive data backup plan is established, and apply the additional recommendations provided in the NJCCIC Ransomware: Risk Mitigation Strategies guide. Technical details and Indicators of Compromise (IoCs) can be found in the Trend Micro blog post.
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.