
Entropy ransomware linked to Evil Corp's Dridex malware
2022-02-23 13:34

Analysis of the recently emerged Entropy ransomware reveals code-level similarities with the general-purpose Dridex malware, which started out as a banking trojan.

Two Entropy ransomware attacks against different organizations allowed researchers to connect the dots and establish a connection between the two pieces of malware.

In a report today, Sophos principal researcher Andrew Brandt says that deeper inspection of the Entropy malware was prompted by a detection signature that had been created for catching Dridex.

"The instructions that dictate how Entropy performs the first 'layer' of unpacking are similar enough to Dridex that the analyst who looked at the packer code, and in particular the portion that refers to an API called LdrLoadDLL - and that subroutine's behavior, described it as 'very much like a Dridex v4 loader,' and compared it to a similar loader used by a Dridex sample from 2018."

There's suspicion in the infosec community that Entropy ransomware is a rebrand of Grief ransomware, which is a continuation of the DoppelPaymer operation.

The attackers spent four months moving laterally and stealing data before encrypting computers using Entropy ransomware.


News URL

https://www.bleepingcomputer.com/news/security/entropy-ransomware-linked-to-evil-corps-dridex-malware/