A string of attacks against U.S. companies has been carried out by a known group deploying the WastedLocker ransomware (Ransom.WastedLocker) on their networks. The ransomware cripples the victim's IT infrastructure by encrypting most of its computers and servers; the attackers then demand a multimillion-dollar ransom to restore the systems. At least 31 organisations that use Symantec protection have been attacked, including Fortune 500 firms, so the total number of attacks may be much higher. The attackers had breached the networks of the targeted organisations and were in the process of laying the groundwork for staging ransomware attacks.
The persons responsible for the attacks are believed to be part of a group called "Evil Corp." and are said to have worked with Russian intelligence. The group's leaders were indicted by the Justice Department in December 2019, and it is believed they are retaliating against the U.S. government. Targets include some of America's largest companies and a major news organisation whose employees are working from home during the pandemic.
Evil Corp has “been engaged in cybercrime on an almost unimaginable scale,” according to the American Justice Department, deploying malware to steal tens of millions of dollars from online banking systems.
The State Department has offered $5 million for information leading to the arrest or conviction of the group's leader, Maksim V. Yakubets (see fbi.gov).
The malware was deployed on common websites, including one news site. The code looked for signs that the visiting computer was part of a major corporate or government network; one way to guess this is whether it used a VPN (Virtual Private Network; Betternet and PrivateVPN were recently hacked). The malware would then sit and wait for the user to connect that same computer to the corporate mainframe, and would then deploy to the mainframe.
They even managed to disable the antivirus software on systems, and also searched for backup systems.
► Pay attention to pop-up screens. No matter how busy you are, take a few seconds to read what the message says. If you are not clear about what is being requested, refuse the request or do a quick internet search to learn more about it. WastedLocker gained access by offering fake updates.
► Update your operating system. No ordinary computer user should still be on High Sierra or Windows XP.
► Read your email headers carefully. Just because you know someone named "Alex" does not mean the email is from the "Alex" you know.
► For home finance, keep an "internet computer" and a "non-internet computer". The "non-internet computer" is for your sensitive material. Never share files between them.
► Use a VPN. ExpressVPN, NordVPN and Surfshark are considered the best; the Opera browser has a free VPN built in. Note to self: VPNs encrypt your data and traffic and hide your location, but they can't help you if you willingly download something, which is exactly how WastedLocker gained access (fake updates).