Have you heard of Evil Corp? It sounds like a joke, right? But it’s not. Symantec just announced that they had discovered and notified businesses that the Russian hacking group called Evil Corp has been targeting remote employees with ransomware attacks.
In a typical ransomware attack, criminals send victims an email. Usually it looks like it’s from a fellow employee and has a link in it to a malicious site. Clicking on that link means that criminals can take over the computers and demand payment to regain control, typically in untraceable cryptocurrency like Bitcoin.
In the case of Evil Corp’s ransomware attack, the Russian hackers were trying to cripple the company’s IT infrastructure by encrypting most of their computers and servers so they could demand a multi-million dollar ransom. Symantec disclosed that 31 U.S.-based organizations were compromised in the latest series of attacks, eight of which are Fortune 500 companies. So how did they get in? That’s the subject of today’s Takeaway.
The Takeaway
These hackers were able to launch ransomware attacks on workers through malware deployed on common websites and even one news site. From those compromised websites, users inadvertently downloaded a bogus software update that installed the malicious payload onto their computers.
That malware inspects the computers to see if they have virtual private network (VPN) software installed, because businesses typically use a VPN to let remote employees access sensitive corporate data. Once the criminals get into the remote employee’s machine, they can then tunnel their way into the corporate network and take it over.
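One simple detection that follows from the bogus-update delivery described above: review proxy logs for executable downloads whose file name looks like a software update but whose host is not one of the vendor update servers you expect. The following is an added example, not code from the original post or from Symantec; the log format, the approved-host allowlist and the sample log lines are all constructed for illustration.

```python
"""Flag executable downloads that look like software updates but come from
hosts outside an approved vendor-update allowlist.

Added illustration; not code from the original post. The log format,
the allowlist and the sample lines below are constructed.
"""
import re
from urllib.parse import urlsplit

# Constructed allowlist: hosts from which software updates are expected.
APPROVED_UPDATE_HOSTS = {
    "updates.example-vendor.com",
    "download.example-vendor.com",
}

# File extensions an update installer would typically carry.
EXECUTABLE_EXTENSIONS = (".exe", ".msi", ".js", ".zip")

# Words in a file name that suggest it is posing as an update.
UPDATE_HINT = re.compile(r"update|upgrade|patch", re.IGNORECASE)

# Constructed proxy log, one request per line:
# "<timestamp> <user> <method> <url> <status>"
SAMPLE_PROXY_LOG = """\
2020-06-25T10:01:02Z alice GET https://updates.example-vendor.com/agent/update-4.2.msi 200
2020-06-25T10:03:17Z bob GET https://www.example-news.com/article/12345 200
2020-06-25T10:03:19Z bob GET https://cdn.example-news.com/static/Browser-Update-1.0.exe 200
2020-06-25T10:05:40Z carol GET https://www.example-news.com/images/logo.png 200
"""


def parse_line(line):
    """Parse one constructed-format log line into a dict, or None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, user, method, url, status = parts
    split = urlsplit(url)
    return {
        "ts": ts,
        "user": user,
        "method": method,
        "host": split.hostname or "",
        "path": split.path,
        "status": int(status),
    }


def is_suspicious_update_download(entry):
    """True when an executable named like an update came from an unapproved host."""
    path = entry["path"].lower()
    if not path.endswith(EXECUTABLE_EXTENSIONS):
        return False
    filename = path.rsplit("/", 1)[-1]
    if not UPDATE_HINT.search(filename):
        return False
    return entry["host"] not in APPROVED_UPDATE_HOSTS


def find_suspicious_downloads(log_text):
    """Return the successful (HTTP 200) requests that match the heuristic."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry["status"] == 200 and is_suspicious_update_download(entry):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_downloads(SAMPLE_PROXY_LOG):
        print(f"{hit['ts']} {hit['user']} fetched {hit['path']} "
              f"from unapproved host {hit['host']}")
```

The allowlist is the part that needs local knowledge: populate it with the update hosts your deployed software actually uses, and treat any "update" installer from anywhere else (a news site's CDN in the sample) as something to investigate on the endpoint.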
So what can you do? 3 things:
1. Proper protection for at-home machines
Most EDR (Endpoint Detection and Response) software will detect that something unusual is happening on a computer. It’s better than antivirus and is a must-have in today’s world. Be sure all of your workers are properly protected on their home machines with a good EDR solution.
2. Employee security awareness training
Let’s face it, part of the problem here is that employees may simply not be aware that these kind of entry points exist in their computers. A quick brush up on your security awareness program is a must. Better yet, ongoing training will keep all employees aware of the latest threats and how not to get tricked.
3. Review your network for least privilege
Least privilege is a common term in the security world for describing who has access to what on your company’s network, especially when it comes to sensitive files. Should your sales department have access to payroll data? Should your accountant have access to customer-specific data? Of course not! But you might be surprised how often we find this to be the case during a network security audit. Why not get ahead of the curve and check your permissions now, before an incident occurs? It could save you some major expenses and reputation damage.
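A permissions review like the one suggested above can be made repeatable by writing down who is supposed to have access to each sensitive share and comparing that against what the file server actually grants. The following is an added example, not the audit procedure of the original post; the share names, groups, policy and observed grants are constructed, standing in for an ACL export from your own file server.

```python
"""Compare observed share permissions against an expected access policy and
report every grant that least privilege does not justify.

Added illustration, not code from the original post. Shares, groups, the
policy and the observed grants are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    share: str
    principal: str   # group or user name
    rights: str      # "read" or "write"


# Constructed policy: for each share, which principals may access it and the
# highest right they may hold. A share missing from the policy has no owner
# decision on record, which the audit also reports.
POLICY = {
    "Payroll":      {"HR": "write", "Finance": "read"},
    "CustomerData": {"Sales": "read", "Support": "read"},
    "Engineering":  {"Engineering": "write"},
}

RIGHT_RANK = {"read": 1, "write": 2}

# Constructed observed grants, as one might export them from a file server.
OBSERVED = [
    Grant("Payroll", "HR", "write"),
    Grant("Payroll", "Finance", "read"),
    Grant("Payroll", "Sales", "read"),              # sales can see payroll
    Grant("CustomerData", "Sales", "read"),
    Grant("CustomerData", "Accounting", "write"),   # accountant on customer data
    Grant("CustomerData", "Support", "write"),      # allowed read, holds write
    Grant("Engineering", "Engineering", "write"),
    Grant("Engineering", "Domain Users", "read"),   # broad group on a restricted share
    Grant("Scratch", "Domain Users", "write"),      # share nobody has made a decision on
]


def audit(observed, policy):
    """Return (grant, reason) pairs for every grant the policy does not allow."""
    violations = []
    for grant in observed:
        allowed = policy.get(grant.share)
        if allowed is None:
            violations.append((grant, "no policy defined for share"))
            continue
        max_right = allowed.get(grant.principal)
        if max_right is None:
            violations.append((grant, "principal not permitted on share"))
        elif RIGHT_RANK[grant.rights] > RIGHT_RANK[max_right]:
            violations.append((grant, f"rights exceed policy maximum ({max_right})"))
    return violations


def violations_by_share(violations):
    """Group violations by share so each data owner gets one list to act on."""
    grouped = {}
    for grant, reason in violations:
        grouped.setdefault(grant.share, []).append((grant.principal, grant.rights, reason))
    return grouped


if __name__ == "__main__":
    for share, items in violations_by_share(audit(OBSERVED, POLICY)).items():
        print(share)
        for principal, rights, reason in items:
            print(f"  {principal} ({rights}): {reason}")
```

Run it periodically, not just once: the point of the review is to catch permissions that drift after a reorganisation or a hurried "just give them access" request, and a share with no policy entry at all is worth a conversation with whoever owns the data.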
Stay safe out there.
-A