Russian Group Blamed For Ransomware Barrage Against Major U.S. Companies

June 26, 2020 20:01 GMT – By RFE/RL

A Russian hacker group the United States has in the past linked to Russian intelligence prepared a “string” of malware attacks on dozens of U.S. companies by targeting work-at-home employees during the pandemic, a network monitor says.

The Symantec Corporation said on June 25 that the attackers were trying to deploy “WastedLocker ransomware” in at least 31 firms, malware that could allow them to cripple IT systems and demand multimillion-dollar payoffs to avert catastrophe.

The Russians were “going after the biggest American firms, and only American firms,” according to Symantec’s technical director, and the actual number of targets could be much higher.

Symantec, a corporate- and government-network-monitoring firm, attributed the dangerous software to Evil Corp, a “notorious” cybercrime outfit whose leaders are thought to include two Russian nationals.

Those Russian suspects, Maksim Yakubets and Igor Turashev, were indicted by the U.S. Justice Department in December 2019 for allegedly trying to steal millions of dollars in more than 40 countries through malware.

U.S. officials have offered a $5 million reward for tips leading to their capture.

The U.S. Treasury Department claimed in a December sanctions notice that Evil Corp leaders had worked for Russia’s Federal Security Service (FSB) and conducted cybercrime “on an almost unimaginable scale.”

Russian authorities have protected them from extradition, it added.

U.S. officials have increased their level of alert recently amid leaked fears by law enforcement that ransomware attacks might be used to penetrate and compromise election infrastructure ahead of November’s elections in the United States.

U.S. intelligence concluded that Russian actors, some of them with ties to the state, attacked computers ahead of the 2016 U.S. elections.

More than 60 percent of U.S. workers have been working from home recently due to COVID-19 fears, a recent poll suggested.

The attackers in the WastedLocker attempts were reportedly trying to exploit virtual private networks (VPNs) that many people around the world are using for security purposes while working from home during the COVID-19 pandemic.

The malware uses compromised websites and masquerades as a software update to break into victims’ networks, Symantec said.

At least a dozen Russians accused of major international cybercrimes have been detained, and some extradited to the United States, in recent years.

On June 26, a U.S. district court in Virginia sentenced Russian national Aleksei Burkov to nine years in prison for operating two websites that sold stolen, mostly U.S. payment-card numbers and mediated sales of stolen data and hirings for illegal activities.

The U.S. Department of Justice said the 30-year-old Burkov pleaded guilty to a single count of access-device fraud and another count of conspiracy to commit a range of digital crimes.

Burkov was arrested near Tel Aviv in 2015 and extradited to the United States four years later.

After Burkov’s extradition, Russia’s Foreign Ministry accused Washington of “hunting” Russian citizens around the world.
