A group of Russian hackers specializing in ransomware attacks (a computer attack that takes control of the computer and usually demands a ransom) has a new target: Americans working from home. The case was revealed by The New York Times, which adds that the self-styled Evil Corp. (“Evil Company”, in Portuguese; the name is an allusion to the Mr. Robot series) is acting in retaliation after being accused in December by the U.S. government.
The U.S. Treasury Department said group members once worked for Russian intelligence. However, the group is now trying to extort workers who, due to the pandemic, are working from home. The warning about the dangers of these hackers was initially given on Thursday by Symantec, a cybersecurity division of technology company Broadcom, which reports that this group can infect a computer in “a way never seen before”.
When attacking a computer, these hackers even ask for ransoms of millions. To compel the user to pay, the group retains access to all data. “Security companies have been accused of warning of dangers that don’t happen after that, but what we’ve seen in recent weeks is remarkable,” Eric Chien, technical director at Symantec, told the newspaper.
The same cybersecurity official gives yet another warning about the nefarious purposes this group may have: “It’s currently about making money, but the infrastructure they’re implementing can be used to eliminate a lot of data – not just in companies.” With this warning, Chien refers to possible attacks that the U.S. government fears could happen in November, when the country goes to vote to re-elect or elect a president.
As an example of this danger, which could also affect U.S. utilities, the newspaper recalls a computer attack that occurred in late 2019 in Louisiana against state officials. A similar case happened again in Oregon in January of this year. In the latter, a group of hackers managed to attack public services, which prevented voters from registering.
According to Symantec, 31 companies have been identified as being on Evil Corp.'s list. However, it is not known whether the attacks were successful (sometimes companies hide these situations for fear that it will affect their image). Symantec also said that these hackers can bypass the protections of some installed antivirus programs.
“We have seen them increase their ransom demands in recent years by millions of dollars as they reach larger goals,” a Fox-IT investigator tells the newspaper.
In December, the U.S. Department of Justice said Evil Corp. was involved “in cybercrime on an almost unimaginable scale.” At the time, the Treasury Department imposed sanctions on these hackers and created a reward of five million dollars (about 4.5 million euros) that will be given to anyone who obtains information on the leader of this group.
“These attacks do not attempt to enter a VPN (secure connection created by the company) (…) They only use (malware) to identify who the user works for (and try to attack the connection if it’s not protected),” Symantec says.
As the same newspaper reports, the December indictment and the sanctions imposed identified Maksim V. Yakubets as one of the culprits. However, the Treasury Department claims that this alleged hacker may be protected by the Kremlin for having worked for the Russian government’s intelligence forces.