Security News > 2022 > June > Evil Corp switches to LockBit ransomware to evade sanctions
The Evil Corp cybercrime group has now switched to deploying LockBit ransomware on targets' networks to evade sanctions imposed by the U.S. Treasury Department's Office of Foreign Assets Control.
Active since 2007, Evil Corp is known for pushing the Dridex malware and later switching to the ransomware "Business."
The gang started with Locky ransomware and then deployed their own ransomware strain known as BitPaymer until 2019.
From March 2021, Evil Corp moved to another strain known as Hades ransomware, a 64-bit variant of WastedLocker upgraded with additional code obfuscation and minor feature changes.
This new tactic of acting as a Ransomware as a Service operation affiliate would likely allow them to invest the time needed for ransomware development into broadening the gang's ransomware deployment operations.
Another theory is that a switch to others' malicious tools may provide Evil Corp with enough free resources to develop a new ransomware strain from scratch, making it harder for security researchers to link to the gang's previous operations.
News URL
Related news
- Police arrest four suspects linked to LockBit ransomware gang (source)
- LockBit Ransomware and Evil Corp Members Arrested and Sanctioned in Joint Global Effort (source)
- Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks (source)
- Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks (source)