Security News > 2022 > June > Evil Corp Pivots LockBit to Dodge U.S. Sanctions

Evil Corp has shifted tactics once again, this time pivoting to LockBit ransomware after U.S. sanctions have made it difficult for the cybercriminal group to reap financial gain from its activity, researchers have found.

The U.S. Treasury Department's Office of Foreign Assets Control sanctioned Evil Corp in December 2019 in a widespread crackdown on the dangerous and prolific cybercriminal group best known for spreading the aforementioned info-stealing Dridex malware and later its own WastedLocker ransomware.

The sanctions basically forbid any U.S. entity from doing business or being associated with Evil Corp, effectively preventing ransomware negotiation firms from facilitating ransom payments for the group-obviously limiting its ability to profit from criminal activity.

Evil Corp took a brief hiatus after the sanctions and a subsequent indictment of its leaders, but since has cloaked itself through clever rebranding to continue its nefarious activity.

About a year ago, Evil Corp tried to mask itself by using previously unknown ransomware called PayloadBin, which researchers determined was likely a rebrand of its own ransomware, WastedLocker, according to reports.

With Evil Corp cloaking itself in the activity of other ransomware groups, targets likely will pay an extortion fee, as they would not be aware of the government sanctions against the true perpetrators of the crime, McQuiggan said.

News URL

https://threatpost.com/evil-corp-pivots-to-lockbit-to-dodge-u-s-sanctions/179858/