Sinclair Broadcast Hack Linked To Notorious Russian Cybergang
A weekend cyberattack against Sinclair Broadcast Group was linked to one of the most infamous Russian cybergangs, called Evil Corp, Bloomberg reports. From the report: The Sinclair hackers used malware called Macaw, a variant of ransomware known as WastedLocker. Both Macaw and WastedLocker were created by Evil Corp., according to the two people, who requested anonymity to discuss confidential matters. Evil Corp. was sanctioned by the U.S. Treasury Department in 2019. Since then, it has been accused by cybersecurity experts of rebranding in an attempt to avoid the sanctions. People in the U.S. are generally prohibited from engaging in transactions with sanctioned entities, including paying a ransom. "Sinclair appears to have been hit by Macaw ransomware, a relatively new strain first reported in early October," said Allan Liska, a senior threat analyst at the cybersecurity firm Recorded Future Inc. "There have not been any other Macaw victims publicly reported."
Evil Corp (Score:2)
Not sure if I'm reading news or a Mr Robot episode summary
Re: (Score:2)
Re: (Score:2)
You're thinking of the Evil League of Evil. Evil Corp isn't even affiliated.
And now I'm gonna have Dr. Horrible's Singalong Blog in my head all afternoon.
Re: (Score:2)
Now they're saying there's a bigger evil?
Re: (Score:1)
They're both figments of someone's imagination.
"Accept cookies" pop up malware (Score:2)
Billions of hours of precious time are being wasted in Europe clicking these nonsensical pop-ups again and again.
Re: "Accept cookies" pop up malware (Score:3)
Nobody ever accused the EU of putting any thought behind its internet regulations.
Re: (Score:2)
It's not just Europe. The entire world is forever stuck clicking "Accept Cookies" every time we clear our browsing cache. What disease they were trying to cure with that I'm not sure, but I'm pretty sure the cure is worse as I never noticed the disease.
Re: (Score:2)
I don't click them and the pages seem to still work fine.
Could it be stopped? (Score:2)
If Putin wanted this crap to stop, would it? Is it not worth putting more sanctions on them until these constant intrusions are terminated with a scary mandate from Putin's KGB or equivalent? Are we doing this back at them at a state level, and it just doesn't make the news? I can't imagine we're not sitting on hundreds or thousands of known vulnerable systems and the exploits for them.
Re:Could it be stopped? (Score:5, Informative)
It's not necessarily from Russia, but in this case, yes. They work for the FSB. This article has some info, along with this great gem [krebsonsecurity.com]:
"Each of these mule recruitment sites had the same security weakness: Anyone could register, and after logging in any user could view messages sent to and from all other users simply by changing a number in the browser’s address bar.
So, each day for several years my morning routine went as follows: Make a pot of coffee; shuffle over to the computer and view the messages Aqua and his co-conspirators had sent to their money mules over the previous 12-24 hours; look up the victim company names in Google; pick up the phone to warn each that they were in the process of being robbed by the Russian Cyber Mob."
Hack a bad thing? (Score:1)
Was the hack of Sinclair [theguardian.com] a bad thing though?
I'd argue they were doing us a favor.
Re: (Score:2)
LOL! (Score:3)
I bet they even told the hackers, "Hey guys, we're on the same side! Unlock the machines!"
The list of corporations that are more deserving of being hit with ransomware is a short one.
Re: (Score:1)
Notorious Russian Cybergang. RunNRC (Score:1)
Hasn't that name been trademarked already?
Slashdot editors: You can type this cyber bullshit (Score:1)