Russian hacker group Evil Corp has breached 31 major American corporations with a new ransomware attack that targets employees working from home during the COVID-19 pandemic
- Russian hacker group Evil Corp has infiltrated 31 major American companies
- The breach also includes eight Fortune 500 companies
- The attack locks companies out of their own networks and demands a ransom
- The attack appears to be targeting only people working from home who connect to their employer's network over a VPN
The notorious Russian hacking group Evil Corp has breached 31 major American corporations with a new ransomware attack targeting employees working from home.
The cybersecurity firm Symantec first announced the breaches and attributed them to a new ransomware family called WastedLocker.
The company has declined to disclose the identities of the targeted companies, but they include eight Fortune 500 companies and one major news publication.
Russian hacking group Evil Corp has launched a new wave of ransomware attacks that has affected at least 31 major American corporations, including eight Fortune 500 companies
‘[T]hese hackers have a decade of experience and they aren’t wasting time with small, two-bit outfits,’ Symantec’s Eric Chien told the New York Times.
‘They are going after the biggest American firms, and only American firms.’
According to Symantec, the infection begins when a worker clicks a fake software update prompt in their browser, which downloads the malware to their computer.
Once the malware is running on the worker's machine, the attackers escalate their privileges and spread across the corporate network the computer is connected to, with the goal of eventually locking the entire company out of its own systems to extract a ransom payment.
According to Symantec, the fake update prompt that starts the whole chain has been served from any one of roughly 150 legitimate websites whose security Evil Corp has compromised.
Called WastedLocker, the ransomware attack appears to be targeting only people working from home who are connected to their employer's corporate network over a VPN, and it begins with a fake software update prompt shown on one of roughly 150 compromised legitimate websites
WHAT IS RANSOMWARE?
Cybercriminals have long used 'blockers' to stop their victim accessing their device, and most modern ransomware, including WastedLocker, goes further by encrypting the victim's files so they cannot be used without a decryption key held by the attackers.
A blocker may include a message telling the victim that their device has been locked because 'illegal content' such as porn was identified on it.
Anyone who has accessed porn online is probably less likely to take the matter up with law enforcement.
Hackers then demand payment, often in Bitcoin or another cryptocurrency that is hard to trace, for the block to be removed or the files to be decrypted.
In May 2017, a massive ransomware attack called WannaCry spread to the computer systems of hundreds of thousands of private companies and public organisations across the globe.
While a visitor is browsing one of these compromised websites, the fake software update window appears; if clicked, it silently redirects the browser to a separate web host controlled by the attackers, which delivers the malware.
Analysis of the files discovered so far through Symantec's research suggests that Evil Corp is targeting only users who connect to a virtual private network, or VPN, a common way for remote workers to access corporate systems.
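The lure described above has a recognisable shape in ordinary web-proxy logs: a user is reading a legitimate site, and a moment later the browser fetches an archive or script named like a browser update from a completely different host, with the legitimate site as the referrer. The script below is an added illustration written for this page, not Symantec's detection logic or anything published by Evil Corp's victims; the log format, the field names and the sample lines are all constructed for the example, and the name patterns and file types it looks for are assumptions a defender would tune to their own environment.

```python
"""Heuristic triage of web-proxy logs for fake software update lures.

Added example for this page. The log format below (space-separated:
time, client IP, method, URL, referrer or '-', MIME type, HTTP status)
is an assumption; adapt parse_line() to the proxy actually in use.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample traffic, not real logs. Lines 1-4 show a user reading a
# legitimate site and then pulling 'Chrome.Update.zip' from an unrelated host;
# line 5 is a genuine vendor download served from the same site it was linked on.
SAMPLE_LOG = """\
2020-06-25T09:14:02Z 10.20.1.15 GET https://news.example-site.com/story/1234 - text/html 200
2020-06-25T09:14:03Z 10.20.1.15 GET https://news.example-site.com/static/app.js https://news.example-site.com/story/1234 application/javascript 200
2020-06-25T09:14:05Z 10.20.1.15 GET https://cdn-update-check.example.net/track.php?r=xyz https://news.example-site.com/story/1234 text/html 200
2020-06-25T09:14:31Z 10.20.1.15 GET https://cdn-update-check.example.net/Chrome.Update.zip https://news.example-site.com/story/1234 application/zip 200
2020-06-25T09:20:11Z 10.20.1.22 GET https://vendor.example.org/downloads/setup-2.4.1.exe https://vendor.example.org/downloads/ application/octet-stream 200
2020-06-25T09:22:40Z 10.20.1.31 GET https://blog.example-site.com/post/99 - text/html 200
"""

# Assumed indicators: file types a fake update typically delivers, and words
# that make a filename look like a browser or software update.
PAYLOAD_EXTENSIONS = {".zip", ".js", ".exe", ".msi", ".hta"}
PAYLOAD_MIMES = {
    "application/zip",
    "application/octet-stream",
    "application/x-msdownload",
    "application/javascript",
    "text/javascript",
}
LURE_NAME = re.compile(r"(update|upgrade|install|setup|chrome|firefox|flash|browser)", re.IGNORECASE)


@dataclass
class ProxyEntry:
    time: str
    client: str
    method: str
    url: str
    referrer: str  # empty string when the log shows '-'
    mime: str
    status: int


def parse_line(line: str) -> ProxyEntry:
    """Parse one log line in the assumed seven-field format."""
    parts = line.split()
    if len(parts) != 7:
        raise ValueError(f"unexpected field count in log line: {line!r}")
    time, client, method, url, referrer, mime, status = parts
    return ProxyEntry(time, client, method, url,
                      "" if referrer == "-" else referrer, mime, int(status))


def _host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def _filename(url: str) -> str:
    return urlparse(url).path.rsplit("/", 1)[-1]


def is_fake_update_lure(entry: ProxyEntry) -> bool:
    """True when a download looks like an update but comes from a host other
    than the page that linked to it, the pattern of a fake update overlay
    on a compromised legitimate site."""
    fname = _filename(entry.url)
    ext = "." + fname.rsplit(".", 1)[-1].lower() if "." in fname else ""
    looks_like_payload = ext in PAYLOAD_EXTENSIONS or entry.mime in PAYLOAD_MIMES
    if not looks_like_payload:
        return False
    if not LURE_NAME.search(fname):
        return False
    if not entry.referrer:
        # No referrer: a direct download, judged by other controls.
        return False
    return _host(entry.url) != _host(entry.referrer)


def find_lures(log_text: str) -> list[ProxyEntry]:
    """Return the successful requests in the log that match the lure pattern."""
    entries = (parse_line(line) for line in log_text.splitlines() if line.strip())
    return [e for e in entries if e.status == 200 and is_fake_update_lure(e)]


if __name__ == "__main__":
    for hit in find_lures(SAMPLE_LOG):
        print(f"{hit.time} {hit.client} fetched {hit.url} while on {_host(hit.referrer)}")
```

Run against the constructed sample, only the `Chrome.Update.zip` fetch is reported: the vendor installer on line 5 is a real download linked from the vendor's own site and passes, and the tracking request on line 3 is neither an archive nor an executable. The cross-host check is the part that matters, since a legitimate site almost never hands its visitors a browser update from an unrelated domain; the filename words are only there to cut noise from ordinary cross-origin script loads.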
According to Chien, WastedLocker is part of a major expansion in hacking attempts focused specifically at major American business and government services in recent months.
‘Security firms have been accused of crying wolf, but what we have seen in the past few weeks is remarkable,’ Chien said.
‘Right now this is all about making money, but the infrastructure they are deploying could be used to wipe out a lot of data — and not just at corporations.’
In the past Evil Corp has been connected to a wide range of financially motivated attacks, including a banking-malware fraud scheme, described in US indictments unsealed in 2019, that saw the group steal more than $100million from banks in 40 different countries.
Two of Evil Corp's members face open indictments in the US, and the US State Department has a standing offer of $5million for information that could lead to the arrest of Evil Corp's leadership.