WastedLocker Ransomware Targets US Newspaper Company

According to Symantec, the cybercriminals behind WastedLocker ransomware have begun targeting dozens of newspapers operated by a US media company.

The attackers send phishing emails with fraudulent messages about software updates, aimed at employees of the newspapers. The emails contain the fake update SocGholish, which delivers malicious payloads. Symantec didn't name the newspapers or their parent company in the report.


According to the report, the attackers were going after employee devices, looking to infect them so that they could compromise the corporate networks and install the WastedLocker ransomware. Symantec warned the media company of what was going on, and the malicious code was removed before the attack could pick up speed.

Symantec and other security companies have tied the WastedLocker ransomware to a cybercriminal group called Evil Corp, which has been in operation since 2011 and has suspected Russian ties. WastedLocker seems to be targeting large companies and demanding ransoms of up to a million US dollars, according to a recent report from the NCC Group's Fox-IT.

What is the Goal of the Campaign?

According to the Symantec report, the attacks against the newspaper websites were part of a more extensive campaign that Evil Corp hackers were organizing, targeting over 30 organizations in the United States. The targets include 11 publicly traded companies, with eight of them being part of the Fortune 500. Evil Corp targeted the companies through phishing emails that hid SocGholish as a software update in a ZIP file.

When the attackers access the victim's network, they use the Cobalt Strike malware and living-off-the-land tools to escalate privileges, steal credentials, and more across the network so that they can deploy the WastedLocker ransomware on multiple computers, according to the report. Once the malware is deployed, it encrypts data and deletes shadow volumes. At this time, it is unclear whether the victims decided to pay a ransom, according to Fox-IT and Symantec.

Evil Corp Activity Spans Back to 2011

Since its first detection in 2011, Evil Corp has been going after banks, retailers, financial institutions, and more in the United States and other countries. According to security researchers, Evil Corp was implicated in more than one large-scale spam and phishing campaign used to spread malware like Dridex, Locky, Jaff, and more. In December 2019, two members of the group, including their supposed leader, Maksim Yakubets, were accused by the US Justice Department on multiple charges.
