New Wave of Ransomware from Russian-led Hackers

FILE PHOTO: A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration/File Photo
FILE PHOTO: A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration/File Photo
TT
20

New Wave of Ransomware from Russian-led Hackers

FILE PHOTO: A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration/File Photo
FILE PHOTO: A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration/File Photo

Russia-based hackers are stepping up ransomware attacks against major US firms seeking to cripple computer networks if their demands for millions of dollars are not met, security researchers are warning.

The cybersecurity firm Symantec on Thursday said it had identified at least 31 targets in the United States, including eight Fortune 500 companies.

"The attackers behind this threat appear to be skilled and experienced, capable of penetrating some of the most well protected corporations, stealing credentials, and moving with ease across their networks. As such, WastedLocker is a highly dangerous piece of ransomware," said the threat intelligence team of Broadcom-owned Symantec in its alert.

"At least 31 customer organizations have been attacked, meaning the total number of attacks may be much higher. The attackers had breached the networks of targeted organizations and were in the process of laying the groundwork for staging ransomware attacks," AFP quoted the team as saying.

Earlier in the week, a similar warning came from the British-based security firm NCC Group, which identified the ransomware strain dubbed WastedLocker as a new threat since May.

The researchers said those behind the attacks include two Russian nationals, Igor Olegovich Turashev and Maksim Viktorovich Yakubets, indicted in the United States in December for their involvement in an entity known as Evil Corp which is accused of hacking US and British banks.

NCC analyst Stefano Antenucci wrote that researchers can show "with high confidence" that the latest ransomware is from Evil Corp, which has been using the so-called Dridex malware since July 2014.

The US indictment alleges the group believed to be linked to Russian intelligence inserted malware on computers in dozens of countries to steal more than $100 million from companies and local authorities.

The indictment was accompanied by sanctions from the US Treasury on the two men, as well as the announcement of a $5 million reward toward Yakubets' arrest and conviction -- the highest reward ever offered for a cybercriminal.



Elon Musk's AI Chatbot Grok Gets an Update, Starts Sharing Antisemitic Posts

xAI and Grok logos are seen in this illustration taken, February 16, 2025. REUTERS/Dado Ruvic/Illustration
xAI and Grok logos are seen in this illustration taken, February 16, 2025. REUTERS/Dado Ruvic/Illustration
TT
20

Elon Musk's AI Chatbot Grok Gets an Update, Starts Sharing Antisemitic Posts

xAI and Grok logos are seen in this illustration taken, February 16, 2025. REUTERS/Dado Ruvic/Illustration
xAI and Grok logos are seen in this illustration taken, February 16, 2025. REUTERS/Dado Ruvic/Illustration

Elon Musk's artificial intelligence company said Wednesday that it's taking down “inappropriate posts" made by its Grok chatbot, which appeared to include antisemitic comments that praised Adolf Hitler.

Grok was developed by Musk’s xAI and pitched as alternative to “woke AI” interactions from rival chatbots like Google’s Gemini, or OpenAI’s ChatGPT.

Musk said Friday that Grok has been improved significantly, and users “should notice a difference.”

Since then, Grok has shared several antisemitic posts, including the trope that Jews run Hollywood, and denied that such a stance could be described as Nazism.

“Labeling truths as hate speech stifles discussion,” Grok said.

It also appeared to praise Hitler, according to screenshots of a post that has now apparently been deleted.

“We are aware of recent posts made by Grok and are actively working to remove the inappropriate posts,” the Grok account posted early Wednesday, without being more specific.

"Since being made aware of the content, xAI has taken action to ban hate speech before Grok posts on X. xAI is training only truth-seeking and thanks to the millions of users on X, we are able to quickly identify and update the model where training could be improved.

Also Wednesday, a court in Türkiye ordered a ban on Grok after it spread content insulting to Turkish President and others.

The pro-government A Haber news channel reported that Grok posted vulgarities against Turkish President Recep Tayyip Erdogan, his late mother and well-known personalities. Offensive responses were also directed toward modern Türkiye's founder, Mustafa Kemal Atatürk, other media outlets said.

That prompted the Ankara public prosecutor to file for the imposition of restrictions under Türkiye's internet law, citing a threat to public order. A criminal court approved the request early on Wednesday, ordering the country’s telecommunications authority to enforce the ban.

It's not the first time Grok's behavior has raised questions.

Earlier this year the chatbot kept talking about South African racial politics and the subject of “white genocide” despite being asked a variety of questions, most of which had nothing to do with the country. An “unauthorized modification” was behind the problem, xAI said.