Also known as DRIDEX gang or INDRIK spider, Russian cyber criminal gang Evil Corp has been active since at least 2007 and is known for distributing DRIDEX malware.
What happened?
To avoid restrictions imposed by the United States Treasury Department’s Office of Foreign Asset Control, the cybercrime agency known as Evil Corp recently began infecting its victim networks with lockbit ransomware (OFAC).
As Blipping computer According to the report, the cyber criminal organization first used Lucky Ransomware and then from 2017 to 2019 they used their own ransomware strain known as BitPaymer.
The company began installing its new ransomware, WastedLocker, in June 2020, after being banned from using Dridex ransomware for more than $ 100 million in financial losses from the United States in December 2019.
Since March 2021, Evil Corp Heads has started using a different strain of ransomware known as ransomware. Hades ransomware is a 64-bit variant of WastedLocker that has been improved with more code opacity and other minor feature changes.
Since then, threatening actors have asserted themselves as members of the Pelodbin hacking organization and used additional strains of ransomware, with names such as Macau Locker and Phoenix Cryptolcar.
The threat posed to Mandiant by researchers has previously been noted by cybercrime syndicates, who have taken another step to isolate themselves from known technology that enables them to redeem victims without the risk of violating OFAC restrictions.
An activity cluster identified by Mandiant as UNC2165, which supplied Hades ransomware and was previously affiliated with Evil Corp, is now deploying ransomware as an associate of LockBit.
Mandiant has conducted multiple investigations Lockbeat Ransomware intrusions are responsible for UNC2165, a financially motivated threat cluster that shares numerous overlaps with threat groups that have been publicly reported as “Evil Corp”. UNC2165 has been active since at least 2019 and has access to hunting networks almost exclusively. Fake update Transmission chain, as tracked by Mandiant UNC1543. Previously, we saw the installation of UNC2165 HADES ransomware. Based on the overlap between UNC2165 and Evil Corp, we evaluate with high confidence that these actors may attempt to attribute their activities to a well-known ransomware service (RaaS) at LOCKBIT, from using exclusive ransomware variants. Avoid bans.
If you liked this article, follow us LinkedIn, Twitter, Facebook, YouTubeAnd Instagram For more cyber security news and topics.
