Return to the list of client alerts
Sometimes things just don’t go our way.
If Covid-19 isn’t bad enough. If work from home didn’t complicate all of our lives. Hackers have figured out how to take advantage of the situation.
The Russian hacking group Evil Corp (yes, named after Mr. Robot) has infiltrated at least 31 major US corporations including 8 Fortune 500 companies. The end game is ransomware. Extortion. Payout.
They are using a new ransomware called WastedLocker.
How do they do it?
The good news (maybe) is that they are not (intentionally) going after small companies. They are ONLY going after American companies.
The way they get in is to compromise an employee’s computer at home. This could be a company issued computer that is on a home network or a personally owned computer.
Most home network routers have never been patched. Ever. So they are a pretty soft target. They could also directly attack the employee by phishing them to a compromised website and getting them to click on a malicious link. Or a drive-by attack that loads the malware just by visiting the site.
Alternatively, they can compromise the home network and attack the employee’s kids’ computer and use that as an attack vector to go after the employee’s computer.
Lots of options.
Here is the EVIL part of it.
The reason that they want to compromise your employee’s computer is because it is connected to the company VPN.
Your employee’s computer with its VPN connection is a gateway to attack your company’s network, install ransomware and demand a ransom.
This week we heard that Xerox was hit by a ransomware attack. News reports are not saying who the victim companies of the Evil Corp attacks are, but Xerox does fit the parameters of the target companies.
Since it is likely that Work From Home will continue for the foreseeable future, it is important for businesses to make sure that security practices for work from home employees are up to the challenge of EVIL CORP and similar attacks. Credit: The Daily Mail