Russian hackers attack remote US workers with ransomware

New York: Russian hackers have unleased a wave of cyber attacks on Americans working from home, targeting remote employees with ransomware attacks.

Global cyber security firm Symantec has uncovered attacks against 31 organizations to date, all of which were located in the US.

The vast majority of targets are major corporations, including many household names. Aside from a number of large private companies, there were 11 listed companies, eight of which are Fortune 500 companies, said in a statement on Friday.

“Attackers were preparing to attack dozens of U.S. corporations, including eight Fortune 500 companies.

“At least 31 customer organizations have been attacked, meaning the total number of attacks may be much higher. The attackers had breached the networks of targeted organizations and were in the process of laying the groundwork for staging ransomware attacks,” said the cyber security firm.

‘WastedLocker’ is a relatively new breed of targeted ransomware and has been attributed to the notorious ‘Evil Corp’ cyber crime outfit from Russia.

Two Russian men who are alleged to be involved in the group have open indictments against them in the US.

The attacks begin with a malicious JavaScript-based framework known as SocGholish, tracked to more than 150 compromised websites, which masquerades as a software update.

Once the attackers gain access to the victim’s network, they use ‘Cobalt Strike’ commodity malware to steal credentials and move across the network in order to deploy the WastedLocker ransomware on multiple computers.

The attacks were proactively detected on a number of customer networks.

“The attackers behind this threat appear to be skilled and experienced, capable of penetrating some of the most well protected corporations, stealing credentials, and moving with ease across their networks,” said Symantec.

WastedLocker is a highly dangerous piece of ransomware. A successful attack could cripple the victim’s network, leading to significant disruption to their operations and a costly clean-up operation, it added.