Saturday, November 28, 07:29

News sites violated due to WastedLocker ransomware attacks!

The Russian gang "Evil Corp", also known as "Dridex", compromised dozens of US news sites belonging to the same parent company, with the aim of infecting employees of more than 30 major private companies in the country using fake software update notices served by the malicious JavaScript-based SocGholish framework. The infected employee computers served as the gang's entry point into the corporate networks in a series of drive-by attacks. Symantec confirmed reports that dozens of US news sites owned by the same parent company had been compromised with SocGholish code. According to Symantec, some of the organizations targeted by WastedLocker ransomware could have been compromised simply because an employee read the news on one of these sites. Researchers from Symantec's Threat Intelligence team, who discovered the attacks, said the company whose news sites were hacked had been notified and that the malicious code had been removed.

Symantec said in a report released late last month that it had prevented the Evil Corp gang from deploying WastedLocker ransomware payloads during its attacks on 31 major private companies. Of these, 30 were American, eight of them Fortune 500 companies.

Evil Corp has launched attacks across a wide range of industries, with construction, information technology and telecommunications among the main targets. Symantec noted that had Evil Corp's operations not been disrupted, the attacks could have succeeded and caused millions in damage. According to Symantec researchers, Evil Corp's attacks began with the SocGholish framework, which was used to infect visitors to more than 150 compromised sites. This was done by displaying fake software update notifications that delivered malware payloads, disguised as program updates, to the target devices.

After infecting a company employee's machine, Evil Corp's operators used the Cobalt Strike threat-emulation software and various other tools to steal credentials, escalate privileges and take control of the network, with the ultimate goal of encrypting computers with WastedLocker ransomware. Before deploying the ransomware, the attackers disabled Windows Defender across the entire target network using PowerShell scripts and legitimate tools.

Once the WastedLocker ransomware payloads had been successfully deployed using the Windows Sysinternals tool PsExec, they could encrypt the victims' data and delete Windows shadow volumes in order to destroy backups and file snapshots and make the data impossible to recover.
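The three stages described above (Defender tampering via PowerShell, PsExec-based payload deployment, shadow-copy deletion) each leave a process-creation footprint that a defender can correlate per host. The following triage script is an added example, not part of the original article or of Symantec's report; the Sysmon-style events are constructed, and the specific command lines (Set-MpPreference, vssadmin/wmic shadow deletion) are common ways these actions are performed rather than details the article states.

```python
"""Correlate process-creation events into WastedLocker-style kill-chain stages.

A single hit (e.g. one vssadmin call) is weak evidence; two or more distinct
stages on the same host within a short window is what an analyst should escalate.
"""
import re

# One regex per kill-chain stage named in the article. Assumed command forms.
RULES = {
    "defender_tamper": re.compile(r"set-mppreference.*-disable\w+|sc\s+stop\s+windefend", re.I),
    "psexec_deploy": re.compile(r"\bpsexec(64)?\.exe\b.*\\\\", re.I),  # PsExec with a \\host target
    "shadow_copy_delete": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
}

# Constructed Sysmon Event ID 1 style records; hostnames and users are made up.
SAMPLE_EVENTS = [
    {"host": "WS-014", "user": "CORP\\jdoe",
     "cmdline": "powershell.exe -nop -w hidden Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"host": "WS-014", "user": "CORP\\svc_admin",
     "cmdline": "PsExec.exe \\\\FS-01,FS-02 -s -d C:\\ProgramData\\update.exe"},
    {"host": "FS-01", "user": "NT AUTHORITY\\SYSTEM",
     "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"host": "WS-022", "user": "CORP\\asmith",
     "cmdline": "vssadmin.exe list shadows"},  # benign: listing, not deleting
]


def classify(event):
    """Return the names of every stage whose pattern matches the command line."""
    return [name for name, rx in RULES.items() if rx.search(event["cmdline"])]


def triage(events):
    """Group (stage, user) hits by host so the chain is visible, not isolated alerts."""
    hits = {}
    for ev in events:
        for stage in classify(ev):
            hits.setdefault(ev["host"], []).append((stage, ev["user"]))
    return hits


def chain_score(host_hits):
    """Number of distinct stages seen on one host; 2 or more is high confidence."""
    return len({stage for stage, _ in host_hits})


if __name__ == "__main__":
    for host, host_hits in triage(SAMPLE_EVENTS).items():
        print(f"{host}: score={chain_score(host_hits)} hits={host_hits}")
```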

Evil Corp has been active since at least 2007 and distributed the Dridex malware toolkit, which was later used to disseminate malware payloads for other threat actors. The gang also took part in the distribution of Locky ransomware, as well as its own ransomware strain, known as "BitPaymer", until 2019. In addition, two members of the gang were indicted by the US Department of Justice in late 2019 for involvement in fraud and cyber-attacks on international banks that resulted in the theft of at least $100 million. Since then, Evil Corp has revised its tactics and reappeared in the ransomware field, deploying its new WastedLocker ransomware in targeted attacks and demanding ransoms of millions of dollars.
