Russia-based ‘Evil Corp’ could launch cyberattack on America’s election infrastructure: security experts
Fairfax County election officials setting up electronic voting machines (Photo: Fairfax County/Flickr)

On Thursday, The New York Times reported that experts are fearful that a group of Russian cybercriminals could launch an attack on the U.S. elections system.

"A Russian ransomware group whose leaders were indicted by the Justice Department in December is retaliating against the U.S. government, many of America’s largest companies and a major news organization, identifying employees working from home during the pandemic and attempting to get inside their networks with malware intended to cripple their operations," reported David Sanger and Nicole Perlroth. "Sophisticated new attacks by the hacking group — which the Treasury Department claims has at times worked for Russian intelligence — were identified in recent days by Symantec Corporation, a division of Broadcom, one of the many firms that monitors corporate and government networks."

The group calls itself "Evil Corp." in an apparent reference to the multinational corporation from "Mr. Robot," and it has launched a ransomware campaign called "WastedLocker." In a ransomware attack, a user's or organization's own files are encrypted, and the attacker demands payment to unlock them.

"While ransomware has long been a concern for American officials, after devastating attacks on the cities of Atlanta and Baltimore and towns across Texas and Florida, it has taken on new dimensions in an election year," said the report. "The Department of Homeland Security has been racing to harden the voter registration systems run by cities and states, fearing that they, too, could be frozen, and voter rolls made inaccessible, in an effort to throw the Nov. 3 election into chaos."

According to the report, the indictment was not successful in shutting down the group. "In the month after the indictment, Evil Corp.’s hackers dropped off the map, but they picked up again in May, according to security researchers at Symantec and Fox-IT, another security company that is a division of the NCC Group. For the past month, they have been successfully breaking into organizations using custom ransomware tools."
