A Russian hacker group is launching ransomware attacks on a number of U.S. companies, targeting employees working from home because of Covid-19.
Evil Corp hackers have tried to access the networks of at least 31 organizations in order to paralyze their systems and demand ransoms of millions of dollars.
The group's two alleged leaders were indicted by the United States Department of Justice in December 2019.
There are concerns that US voting systems may also be targeted.
Last year, U.S. authorities filed charges against alleged Evil Corp leaders Maksim Yakubets and Igor Turashev, accusing them of using malware to steal millions of dollars from groups including schools and religious organizations in over 40 countries.
Officials announced a $5 million reward for information leading to their arrest, which they said was the largest sum ever offered for a cybercriminal. Both men are still at large.
The threat comes as most Americans have been working from home because of the coronavirus pandemic (62%, according to a Gallup survey).
U.S. presidential elections are also a few months away, and federal and local officials have worked to put in place measures to protect voter registers and manage safe voting practices amid the pandemic.
What do we know about the attack?
Symantec Corporation, a company that monitors corporate and government networks, issued a warning about the threat it identified on Thursday night.
The attacks used what Symantec described as a relatively new type of ransomware called WastedLocker, which was attributed to Evil Corp. Ransomware is a type of computer virus that threatens to delete files unless a ransom is paid. The WastedLocker ransomware demands ransoms of $500,000 to $1 million to unlock seized computer files.
Symantec said that “the vast majority of targets are large corporations, including many family names,” and that eight targets were Fortune 500 companies. All are US-owned except one, which is a US-based subsidiary.
The companies most affected were in the manufacturing, IT and media sectors.
Symantec said that the hackers have breached these companies’ networks and are “laying the foundation” for future ransomware attacks that would allow them to block access to data and demand millions of dollars.
Symantec technical director Eric Chien told The New York Times that hackers are exploiting employees who now use virtual private networks (VPNs) to access work systems.
They use VPNs to identify which company a user works for, then infect the user’s computer when they visit a public or commercial site. When the user subsequently connects to their employer’s system, hackers can attack.
What is the context?
There have been numerous recent cyber attacks on local governments in the United States.
Cities in Louisiana, Oregon, Maryland, Georgia, Texas and Florida were hit by ransomware attacks last year.
The National Security Department is examining the protection of voter registration databases before the general election on November 3. In February, the agency’s head of cyber security said it was a key concern for electoral security.
These attacks by foreign cybercriminals are far from being a new threat.
During last year’s impeachment investigation, former White House security adviser and Russia expert Fiona Hill testified that “Russia’s security services and their delegates prepared to repeat their interference in the 2020 elections.”
In 2018, the Justice Department accused 12 Russian intelligence officials of hacking Democratic officials in the 2016 American election, using spear phishing emails and malicious software.
Hackers also stole data on half a million voters from a state electoral council website. Moscow said there is no evidence linking the 12 to military intelligence or hacking.