Cybersecurity firm Symantec blocked a ransomware attack directed at 30 U.S.-based firms and Fortune 500 companies by a group known for demanding payment in Bitcoin (BTC).
The announcement published by the cybersecurity firm claims that the Evil Group, the malware gang behind the attacks, targeted the IT infrastructures of the firms. Still, the companies were alerted in time to prevent deployment of the ransomware. The group used the WastedLocker ransomware and managed to breach the security of the victims’ networks, but its attempt to lay the groundwork for staging the attacks was unsuccessful.
Gang asks for million-dollar payments
Cryptox recently reported that a study by the cybersecurity firm Fox-IT, a division of NCC Group, warned about the return of Evil Group’s cybercriminal activities after a short period of quiet.
The gang is well known for asking its victims for million-dollar ransom payments in cryptocurrencies like Bitcoin. There are reports that the group had been asking for a combined total of $10 from an unknown number of U.S. companies that were recently attacked.
Symantec’s Targeted Attack Cloud Analytics team first detected the early stages of WastedLocker attacks by relying on advanced machine learning to spot patterns of activity related to recent targeted attacks.
Evil Group targeted 31 companies in the blocked attack; one of the firms is a U.S.-based subsidiary of an overseas multinational.
Most affected sector
Symantec did not identify the intended victims, but the cybersecurity firm’s report said the manufacturing sector was most affected, as the gang targeted five organizations related to that industry.
According to Symantec, had the attackers not been disrupted, “successful attacks could have led to millions in damages, downtime, and a possible domino effect on supply chains.”
Evil Group had previously halted its operations until January 2020 due to the indictment of alleged members, Igor Olegovich Turashev and Maksim Viktorovich Yakubets.