
Symantec Thwarts Ransomware Attacks Against At Least 31 U.S. Corporations


Cybersecurity firm Symantec, a part of Broadcom, Inc., has claimed to have thwarted ransomware attacks against at least 31 U.S. corporations, including 11 listed companies, eight of which are Fortune 500 companies. It identified and alerted these customers about the attackers' attempt to deploy the WastedLocker ransomware on their networks.

Symantec identifies WastedLocker as a relatively new breed of targeted ransomware, which was documented recently while Symantec was performing outreach to affected networks. WastedLocker has been attributed to the notorious "Evil Corp" cyber crime outfit.

Evil Corp has previously been associated with the Dridex banking Trojan and BitPaymer ransomware, which are believed to have earned their creators tens of millions of dollars. Two Russian men who are alleged to be involved in the group have open indictments against them in the U.S.

WastedLocker is a highly dangerous piece of ransomware. These attacks focus on crippling the victim's IT infrastructure by encrypting most of the data on their computers and servers in order to demand a multimillion-dollar ransom, mostly in cryptocurrencies such as Bitcoin. The use of cryptocurrencies makes it difficult for the victims to track the payment.

In these attempted attacks, the attackers had breached the networks of targeted organizations and were in the process of laying the groundwork for staging ransomware attacks. A successful attack could cripple the victim's network, leading to significant disruption to their operations and a costly clean-up operation.

According to Symantec, the attacks begin with a malicious JavaScript-based framework known as SocGholish, tracked to more than 150 compromised websites, which masquerades as a software update.

Once the attackers gain access to the victim's network, they use Cobalt Strike commodity malware in tandem with a number of living-off-the-land tools to steal credentials, escalate privileges, and move across the network in order to deploy the WastedLocker ransomware on multiple computers.

The attacks were proactively detected on a number of customer networks by Symantec's Targeted Attack Cloud Analytics, which leverages advanced machine learning to spot patterns of activity associated with targeted attacks.

According to Symantec, this discovery enabled it to identify further organizations that had been targeted by WastedLocker and to identify additional tools, tactics, and procedures used by the attackers, helping Symantec to strengthen its protection against every stage of the attack.

Symantec said the attackers behind this threat appear to be skilled and experienced, capable of penetrating some of the most well-protected corporations, stealing credentials, and moving with ease across their networks.
