Warning: Russian hackers may be trying to target you with ransomware. Here’s how

Russian hackers are trying to take advantage of the millions of employees working from home because of shelter-in-place orders.

Security firm Symantec said this week that it had discovered and then notified businesses that the Russian hacking group Evil Corp has been targeting remote employees with so-called ransomware attacks.

In a typical ransomware attack, criminals send victims an email—often created to look like it’s from a colleague—that contains a link to a malicious site. When users access the fraudulent site, criminals can then take over their computers and demand payment—typically in cryptocurrency like Bitcoin—to regain control of their devices.

In the case of Evil Corp’s ransomware attack, Symantec said the hackers wanted to “cripple” a company’s “IT infrastructure by encrypting most of their computers and servers in order to demand a multimillion dollar ransom.”

Symantec said that 31 U.S.-based organizations were compromised in the latest series of attacks, “eight of which are Fortune 500 companies.” The security firm did not reveal the names of the impacted organizations nor whether they paid any ransoms. The security firm said that while the hackers “breached the networks of targeted organizations,” the criminals were only “in the process of laying the groundwork for staging ransomware attacks,” implying that they didn’t complete their intended extortion plans. 

This recent hacking attempt used a specific type of ransomware known as WastedLocker, which Symantec said was developed by Evil Corp. Two of Evil Corp’s alleged members have been previously charged by the U.S. Department of Justice for a separate “decade-long cybercrime spree” affecting unspecified banks and financial firms, Symantec said.

Eric Chien, Symantec’s technical director, said in an interview with The New York Times that hackers were able to launch ransomware attacks on workers via malware that “was deployed on common websites and even one news site,” without describing the compromised websites that contained the malicious code. From those compromised websites, users inadvertently download a bogus software update that installs the malware onto their computers.

That malware inspects people’s computers to see if they have installed a corporate virtual private network, or VPN, that businesses typically require their remote employees to use in order to access sensitive corporate data. The malware learns the name of the employee’s company from the VPN and is then able to infect people’s computers once those workers visit another website. 

“Once the machine is reconnected to the corporate network, the code is deployed, in hopes of gaining access to corporate systems,” the Times said.

from Fortune https://ift.tt/3i6XqWg
