preloader image

Russian hackers are trying to take advantage of the millions of employees working from home because of shelter-in-place orders.

Security firm Symantec said this week that it had discovered and then notified businesses that the Russian hacking group Evil Corp has been targeting remote employees with so-called ransomware attacks.

In a typical ransomware attack, criminals send victims an email—often created to look like it’s from a colleague—that contains a link to a malicious site. When users access the fraudulent site, criminals can then take over their computers and demand payment—typically in cryptocurrency like Bitcoin—to regain control of their devices.

In the case of Evil Corp’s ransomware attack, Symantec said the hackers wanted to “cripple” a company’s “IT infrastructure by encrypting most of their computers and servers in order to demand a multimillion-dollar ransom.”

Symantec said that 31 U.S.-based organizations were compromised in the latest series of attacks, “eight of which are Fortune 500 companies.” The security firm did not reveal the names of the impacted organizations nor whether they paid any ransoms. The security firm said that while the hackers “breached the networks of targeted organizations,” the criminals were only “in the process of laying the groundwork for staging ransomware attacks,” implying that they didn’t complete their intended extortion plans.

This recent hacking attempt used a specific type of ransomware known as WastedLocker, which Symantec said was developed by Evil Corp. Two of Evil Corp’s alleged members have been previously charged by the U.S. Department of Justice for a separate “decade-long cybercrime spree” affecting unspecified banks and financial firms, Symantec said.

Eric Chien, Symantec’s technical director, said in an interview with the New York Times, that hackers were able to launch ransomware attacks on workers via malware that “was deployed on common websites and even one news site,” without describing those compromised websites containing the malicious code. From those compromised websites, users inadvertently downloaded a bogus software update that installs the malware onto their computers.

That malware inspects people’s computers to see if they have installed a corporate virtual private network, or VPN, that businesses typically require their remote employees to use in order to access sensitive corporate data. The malware learns the name of the employee’s company from the VPN and is then able to infect people’s computers once those workers visit another website.

“Once the machine is reconnected to the corporate network, the code is deployed, in hopes of gaining access to corporate systems,” the Times said.

More must-read tech coverage from Fortune:

  • A new coating could protect ATMs from spreading diseases like COVID-19. But will it work?
  • George Floyd protests, coronavirus face masks pose challenges for facial recognition
  • E-book reading is booming during the coronavirus pandemic
  • Can Nikola Motor’s big battery promises be true?
  • Big investors like Bitcoin for the wrong reason

Business Achievement Awards

© 2020 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy (Your California Privacy Rights) | CCPA Do Not Sell My Information | Ad Choices 
FORTUNE is a trademark of Fortune Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.
Quotes delayed at least 15 minutes. Market data provided by Interactive Data. ETF and Mutual Fund data provided by Morningstar, Inc. Dow Jones Terms & Conditions: http://www.djindexes.com/mdsidx/html/tandc/indexestandcs.html.
S&P Index data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Terms & Conditions. Powered and implemented by Interactive Data Managed Solutions. | EU Data Subject Requests

Business Achievement Awards

Business Achievement Award

Copyrights © 2020 Business Achievement Awards All Rights Reserved.