A ransomware gang from Russia, which was confronted by the US Department of Justice in December, has begun attacking government agencies, large companies and an American news organization. The Russian hackers are trying to get into their networks by targeting employees working from home.
The recent attacks were identified by Symantec Corp., a part of Broadcom. In an urgent warning issued Thursday night, the company said that the Russian hackers took advantage of the sudden change in American work habits to introduce malicious code into corporate networks.
Ransomware is a major issue in the United States. Many local governments (Atlanta, Baltimore, Texas, Florida, etc.) have been attacked by ransomware. However, these attacks are taking on new dimensions as the elections approach. The Interior Ministry is trying to secure voting systems, because there are concerns that foreign criminals will try to attack the systems to cause chaos in the November 3 elections.
Recent ransomware attacks are aimed at financial gain. However, they could be used to delete data and shut down systems at both companies and government agencies. An FBI warning on May 1 said ransomware attacks on U.S. government networks are likely to threaten the availability of data on interconnected election servers, even if that is not the intention of the criminals. This has happened before.
Symantec did not name the companies and organizations that fell victim to the Russian hackers. However, it said it had already identified 31 victims, including major US brands and Fortune 500 companies.
According to the warning, these Russian hackers have at least 10 years of experience and do not waste time on small companies. They only hunt the largest US companies.
The name of the hacking team is "Evil Corp.". In December, the Justice Ministry said the Russian hackers had been involved in countless crimes, developing malware to steal tens of millions of dollars from online banking systems. The finance ministry has imposed fines and the government has offered $5 million for information that would lead to the arrest or conviction of the group's leader.
According to Symantec, recent attacks have targeted employees working from home (mainly due to COVID-19).
The malware has been deployed on websites. But it doesn't infect every user doing online shopping or reading the news of the day. Instead, the malware code looks for a sign that the computer is part of a large corporate or government network. For example, many companies tell their employees to use a VPN, a protected channel that allows employees to connect to corporate systems as if they were in the office.
"These attacks are not trying to get into the VPN," the researchers said. "It simply came to our notice then determine who the user is working for." Subsequently, the systems wait for the employee to go to a public or commercial website to infect their computer. Once the machine is reconnected to the corporate network, the code is deployed in the hope of gaining access to corporate systems.
In the last month, there have been other ransomware attacks by this group.