News sites violated due to WastedLocker ransomware attacks!

The Russian gang "Evil Corp", also known as "Dridex", compromised dozens of US news sites belonging to the same parent company, with the aim of infecting employees of more than 30 major private companies in the country using fake software update notifications served by the malicious JavaScript-based SocGholish framework. The infected employee computers were then used as the gang's entry point into the corporate networks, in a series of drive-by attacks. Symantec confirmed that dozens of US news sites owned by the same parent company had been compromised with SocGholish code. According to Symantec, any organization targeted by WastedLocker ransomware could be compromised if an employee browsed the news on one of these sites. Researchers from Symantec's Threat Intelligence team, who discovered the attacks, said the company whose news sites were hacked had been notified and that the malicious code had been removed.

Symantec said in a report released late last month that it had prevented the Evil Corp gang from deploying WastedLocker ransomware payloads during its attacks on 31 major private companies. Of these, 30 were American, eight of which were Fortune 500 companies.

Evil Corp has launched attacks on a wide range of industry sectors, with construction, information technology and telecommunications also at the center of the attacks. Symantec noted that had Evil Corp's operators not been disrupted, they could have carried out successful attacks causing millions in damage. According to Symantec researchers, Evil Corp's attacks began with the SocGholish framework, which was used to infect targets visiting more than 150 compromised sites. This was done by displaying fake software update notifications that delivered malware payloads, disguised as program updates, to the target devices.


After infecting a company employee, Evil Corp's operators used the Cobalt Strike threat emulation software and various other tools to steal credentials, escalate privileges and take control of the network, with the ultimate goal of encrypting computers with WastedLocker ransomware. Before deploying the ransomware, the attackers disabled Windows Defender across the entire target network using PowerShell scripts and legitimate tools.

Once the WastedLocker ransomware payloads were successfully deployed using the Windows Sysinternals PsExec tool, they could encrypt the victims' data and delete Windows shadow volumes in order to remove backups and file snapshots and make recovery impossible.
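As an added illustration from the defensive side (not code from Symantec or from this article), the following Python script runs two detection rules over constructed process-creation events: it flags the Windows Defender tampering via PowerShell and the shadow-copy deletion described above, tags processes spawned by the PsExec service, and singles out hosts where more than one indicator fires. The event format, rule patterns, host names and sample command lines are all assumptions.

```python
import re

# Constructed process-creation events (Sysmon Event ID 1 / 4688 style); not real telemetry.
SAMPLE_EVENTS = [
    {"host": "WS-0412", "parent": "cmd.exe",
     "cmd": "powershell.exe -nop -w hidden Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"host": "WS-0412", "parent": "cmd.exe",
     "cmd": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "FS-01", "parent": "PSEXESVC.exe",
     "cmd": r"C:\Windows\Temp\svchost_update.exe"},
    {"host": "WS-0099", "parent": "explorer.exe",
     "cmd": r"notepad.exe C:\Users\alice\notes.txt"},
]

# Indicators for the two pre-encryption steps the article describes: Defender tampering
# via PowerShell and destruction of Volume Shadow Copies (patterns follow public Sigma-style rules).
RULES = [
    ("defender_tampering",
     re.compile(r"Set-MpPreference\b.*-Disable\w+|DisableAntiSpyware", re.I)),
    ("shadow_copy_deletion",
     re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
]
PSEXEC_SERVICE = "psexesvc.exe"  # parent of processes launched remotely through PsExec


def analyze(events):
    """Return (host, rule, cmd) findings for each event matching a rule or spawned by PsExec."""
    findings = []
    for ev in events:
        for name, pattern in RULES:
            if pattern.search(ev["cmd"]):
                findings.append((ev["host"], name, ev["cmd"]))
        if ev["parent"].lower() == PSEXEC_SERVICE:
            findings.append((ev["host"], "psexec_remote_execution", ev["cmd"]))
    return findings


def staging_hosts(findings):
    """Hosts where two or more distinct rules fired: a stronger signal of ransomware staging."""
    seen = {}
    for host, rule, _ in findings:
        seen.setdefault(host, set()).add(rule)
    return {host for host, rules in seen.items() if len(rules) >= 2}


if __name__ == "__main__":
    hits = analyze(SAMPLE_EVENTS)
    for host, rule, cmd in hits:
        print(f"[{rule}] {host}: {cmd}")
    print("likely staging hosts:", staging_hosts(hits))
```

In a real deployment the same rules would be fed from the EDR or SIEM process-creation stream, and a host hitting both rules within a short window is worth isolating before encryption starts.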

Evil Corp has been active since at least 2007 and distributed the Dridex malware toolkit, which was later used to deliver malware payloads for other threat actors. The gang also took part in distributing Locky ransomware, as well as its own ransomware strain, known as "BitPaymer", until 2019. In addition, two members of the gang were charged by the US Department of Justice in late 2019 for their involvement in fraud and cyber-attacks on international banks that resulted in the theft of at least $100 million. Since then, Evil Corp has revamped its tactics and has now reappeared in the ransomware field, deploying its new WastedLocker ransomware in targeted attacks and demanding ransoms of millions of dollars.