Russian Group Blamed For Ransomware Barrage Against Major U.S. Companies

The hacker group is believed to include Maksim Yakubets (left) and Igor Turashev, both indicted by U.S. authorities for the cybertheft of tens of millions of dollars.

A Russian hacker group the United States has in the past linked to Russian intelligence prepared a "string" of malware attacks on dozens of U.S. companies by targeting work-at-home employees during the pandemic, a network monitor says.

The Symantec Corporation said on June 25 that the attackers were trying to deploy "WastedLocker ransomware" in at least 31 firms that could allow them to cripple IT systems and demand multimillion-dollar payoffs to avert catastrophe.

The Russians were "going after the biggest American firms, and only American firms," according to Symantec's technical director, and the actual number of targets could be much higher.

Symantec, a corporate- and government-network-monitoring firm, attributed the dangerous software to Evil Corp, a "notorious" cybercrime outfit whose leaders are thought to include two Russian nationals.

Those Russian suspects, Maksim Yakubets and Igor Turashev, were indicted by the U.S. Justice Department in December 2019 for allegedly trying to steal millions of dollars in more than 40 countries through malware.

U.S. officials have offered a $5 million reward for tips leading to their capture.

The U.S. Treasury Department claimed in a December sanctions notice that Evil Corp leaders had worked for Russia's Federal Security Service (FSB) and conducted cybercrime "on an almost unimaginable scale."

Russian authorities have protected them from extradition, it added.

U.S. officials have increased their level of alert recently amid leaked fears by law enforcement that ransomware attacks might be used to penetrate and compromise election infrastructure ahead of November's elections in the United States.

U.S. intelligence concluded that Russian actors, some of them with ties to the state, attacked computers ahead of the 2016 U.S. elections.

More than 60 percent of U.S. workers have been working from home recently due to COVID-19 fears, a recent poll suggested.

The attackers in the WastedLocker attempts were reportedly trying to exploit virtual private networks (VPNs) that many people around the world are using for security purposes while working from home during the COVID-19 pandemic.

The malware uses compromised websites and masquerades as a software update to break into victims' networks, Symantec said.

At least a dozen Russians accused of major international cybercrimes have been detained, and some extradited to the United States, in recent years.

On June 26, a U.S. district court in Virginia sentenced Russian national Aleksei Burkov to nine years in prison for operating two websites that sold stolen, mostly U.S. payment-card numbers and mediated sales of stolen data and hirings for illegal activities.

The U.S. Department of Justice said the 30-year-old Burkov pleaded guilty to a single count of access-device fraud and another count of conspiracy to commit a range of digital crimes.

Burkov was arrested near Tel Aviv in 2015 and extradited to the United States four years later.

After Burkov's extradition, Russia's Foreign Ministry accused Washington of "hunting" Russian citizens around the world.

With reporting by the BBC and The New York Times