Skip to main content

Evil Corp Switches to Ransomware-as-a-Service to Evade US Sanctions

posted onJune 5, 2022
by l33tdawg
PC Mag
Credit: PC Mag

Evil Corp—or at least a hacking group affiliated with it—is mixing things up. Mandiant reports that a threat actor it's been tracking as UNC2165 appears to be related to the cybercrime group, which was sanctioned by the US Treasury Department in 2019 for using "the Dridex malware to infect computers and harvest login credentials from hundreds of banks and financial institutions in over 40 countries, causing more than $100 million in theft."

Those sanctions prevent organizations from paying a ransom to restore access to their systems. Financially motivated threat actors like Evil Corp aren't targeting organizations for the fun of it, or looking to further a nation-state's agenda, so they have to maximize their chances of getting paid. That means they need to make it harder for their victims to identify them.

Which is why Mandiant says that hacking groups affiliated with Evil Corp have used a variety of ransomware strains over the last two years. The groups initially used WastedLocker, but after that ransomware's connection to Evil Corp was revealed, they switched to a ransomware family known as Hades. Now they've started using a ransomware-as-a-service (RaaS) called Lockbit.

Source

Tags

Industry News

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th