Security News > 2022 > June > Evil Corp Cybercrime Group Shifts to LockBit Ransomware to Evade Sanctions

The threat cluster dubbed UNC2165, which shares numerous overlaps with a Russia-based cybercrime group known as Evil Corp, has been linked to multiple LockBit ransomware intrusions in an attempt to get around sanctions imposed by the U.S. Treasury in December 2019.

"These actors have shifted away from using exclusive ransomware variants to LockBit - a well-known ransomware as a service - in their operations, likely to hinder attribution efforts in order to evade sanctions," threat intelligence firm Mandiant noted in an analysis last week.

Hades is the work of a financially motivated hacking group named Evil Corp, which is also called by the monikers Gold Drake and Indrik Spider and has been attributed to the infamous Dridex trojan as well as other ransomware strains such as BitPaymer, DoppelPaymer, and WastedLocker over the past five years.

With sanctions used as a means to rein in ransomware attacks, in turn barring victims from negotiating with the threat actors, adding a ransomware group to a sanctions list - without naming the individuals behind it - has also been complicated by the fact that cybercriminal syndicates often tend to shutter, regroup, and rebrand under a different name to circumvent law enforcement.

"The adoption of an existing ransomware is a natural evolution for UNC2165 to attempt to obscure their affiliation with Evil Corp," Mandiant said, while also ensuring that sanctions are "Not a limiting factor to receiving payments from victims."

The findings from Mandiant, which is in the process of being acquired by Google, are particularly significant as the LockBit ransomware gang has since alleged that it had breached into the company's network and stole sensitive data.

News URL

https://thehackernews.com/2022/06/evil-corp-cybercrime-group-shifts-to.html