Russian hacker group Evil Corp targets American workers at home

A Russian citizen is accused of carrying out attacks on behalf of the Russian state

A group of Russian hackers is launching ransomware attacks against several American companies, targeting employees who are working from home because of Covid-19.

Evil Corp hackers have attempted to access the networks of at least 31 organizations in order to freeze their systems and demand ransoms of millions of dollars.

The two alleged leaders of the group were indicted by the United States Department of Justice in December 2019.

There is concern that US voting systems may also be under attack.

Last year, US authorities filed charges against suspected Evil Corp leaders Maksim Yakubets and Igor Turashev, accusing them of using malware to steal millions of dollars from groups such as schools and religious organizations in more than 40 countries.

Authorities announced a $5m reward for information leading to their arrest, which they say is the largest reward ever offered for a cybercriminal. Both men remain at large.

Image caption (United States Department of Justice): Maksim Yakubets (L) and Igor Turashev are accused of directing Evil Corp

The threat comes at a time when the majority of Americans, 62% according to a Gallup poll, have been working from home because of the coronavirus pandemic.

The US presidential election is also just a few months away, and federal and local officials have been working to implement measures to protect voter records, as well as to administer safe voting practices in the midst of the pandemic.

What do we know about the attack?

Symantec Corporation, a company that monitors corporate and government networks, issued a warning notice of the threat it identified on Thursday night.

The attacks used what Symantec described as a relatively new type of ransomware called WastedLocker, which has been attributed to Evil Corp. Ransomware is malicious software that locks files and threatens to delete them unless a ransom is paid. WastedLocker demands ransoms of $500,000 to $1m to unlock the files it seizes.

Symantec said “the vast majority of targets are large corporations, including many well-known names,” and that eight of the targets were Fortune 500 companies. All but one are US-owned; the exception is a US-based subsidiary.

Most of the selected companies were in the manufacturing, information technology and media sectors.

Media caption: Technology explained: what is ransomware?

Symantec said hackers had breached these companies’ networks and were “laying the groundwork” for future ransomware attacks that would allow them to block access to data and demand millions of dollars.

Symantec chief technical officer Eric Chien told the New York Times that the hackers are taking advantage of employees who now use virtual private networks (VPNs) to access work systems.

They use the VPN connection to identify which company a user works for, then infect the user’s computer when they visit a public or commercial website. When the user next connects to their employer’s system, the hackers can attack.

What is the context?

There have been a number of recent cyber attacks against local governments across the United States.

Cities and towns in Louisiana, Oregon, Maryland, Georgia, Texas and Florida were hit by ransomware attacks last year.

The Department of Homeland Security is seeking to safeguard voter registration databases before the Nov. 3 general election. In February, the agency’s head of cyber security said this was a key electoral security concern.

These attacks by foreign cyber criminals are far from a new threat.

During last year’s impeachment investigation, former White House security adviser and Russia expert Fiona Hill stated that “Russia’s security services and their representatives have prepared to repeat their interference in the election of 2020”.

In 2018, the Justice Department accused 12 Russian intelligence officers of hacking Democratic officials in the 2016 US election, using phishing emails and malicious software.

Hackers also stole data on half a million voters from a state board website. Moscow has said there is no evidence linking the 12 to military intelligence or to hacking.