Starting off 2020 is yet another new ransomware strain dubbed SNAKE. Discovered by MalwareHunterTeam, this enterprise-targeting malware is going after big business. SNAKE starts by removing the system's Shadow Volume Copies, then kills any processes "related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software, and more."
SNAKE then encrypts all of the computer's files, except for certain system files. Researchers observed that it took longer than most other ransomware strains to finish the encryption process. The encrypted files are appended with five random characters after the file extension. The malware also adds an "EKANS" (SNAKE in reverse) file marker to each encrypted file.
Once the files are encrypted, SNAKE leaves the ransom note (Fix-Your-Files.txt) in the public Desktop folder. No specific ransom amount is quoted in the note, but a contact email address is provided, as well as instructions on how to get proof that the attackers have a working decryption key. Researchers also point-ed out that the wording of the ransom note may indicate that the decryption key is meant for the entire affected network, not just single systems.
At this time there is no free decryptor available, but researchers are working on it. For now, awareness is key as few details on infection vectors have been re-leased. If a link, email, or attachment looks suspicious, don't open it - report it. See something, say something.