The Russian hacker group commonly known as Evil Corp appears to be operating a new ransomware strain called WastedLocker. According to researchers at Fox-IT, part of NCC Group, WastedLocker has been in wide circulation since May 2020.
It is named WastedLocker because it appends an extension to each encrypted file made up of the victim's name followed by the string "wasted".
- It is delivered disguised as a software update, according to Symantec.
- Once inside a target network, the attackers use the commodity tool Cobalt Strike to steal credentials.
- They escalate privileges and move laterally across the network to deploy WastedLocker on as many machines as possible.
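As an added, defender-side illustration of that file-naming convention (this is not code from the original article or from any of the researchers cited), the following Python triage script scans a list of file paths for the ".<prefix>wasted" extension, recovers the victim-specific prefix, and flags directories in which most files have been renamed. Because the prefix differs per victim and is not known in advance, the matcher anchors only on the trailing "wasted". The sample paths, the directory-ratio threshold and the prefix length bound are constructed assumptions for this example.

```python
import re
from collections import Counter
from pathlib import PurePosixPath

# WastedLocker appends ".<victimprefix>wasted" to every file it encrypts.
# The prefix is victim-specific, so only the trailing "wasted" is anchored;
# the 1-16 character bound on the prefix is an assumption for this example.
WASTED_EXT = re.compile(r"^\.(?P<prefix>[a-z0-9]{1,16})wasted$", re.IGNORECASE)


def wasted_prefix(path):
    """Return the victim prefix if `path` carries a WastedLocker-style
    extension, otherwise None. A bare ".wasted" is not matched, because the
    observed convention always includes a victim prefix."""
    match = WASTED_EXT.match(PurePosixPath(path).suffix)
    return match.group("prefix").lower() if match else None


def triage(paths, min_ratio=0.5, min_hits=3):
    """Group matching files by directory and flag directories where at least
    `min_hits` files match and they make up at least `min_ratio` of the
    directory's files (thresholds are assumptions chosen for the example)."""
    per_dir_total = Counter()
    per_dir_hits = Counter()
    prefixes = Counter()
    hits = []
    for path in paths:
        directory = str(PurePosixPath(path).parent)
        per_dir_total[directory] += 1
        prefix = wasted_prefix(path)
        if prefix:
            per_dir_hits[directory] += 1
            prefixes[prefix] += 1
            hits.append(path)
    flagged = sorted(
        d for d in per_dir_hits
        if per_dir_hits[d] >= min_hits
        and per_dir_hits[d] / per_dir_total[d] >= min_ratio
    )
    return {"hits": hits, "flagged_dirs": flagged, "prefixes": dict(prefixes)}


# Constructed sample listing: one share directory mostly renamed, one with a
# single renamed file, and a home directory with a benign "wasted" substring.
SAMPLE_PATHS = [
    "/srv/share/finance/q1_report.xlsx.acmewasted",
    "/srv/share/finance/q2_report.xlsx.acmewasted",
    "/srv/share/finance/budget.docx.acmewasted",
    "/srv/share/finance/readme.txt",
    "/srv/share/hr/policy.pdf.acmewasted",
    "/srv/share/hr/handbook.pdf",
    "/srv/share/hr/org_chart.png",
    "/home/user/notes.txt",
    "/home/user/wasted_time_log.csv",
]

if __name__ == "__main__":
    result = triage(SAMPLE_PATHS)
    print("matching files:", len(result["hits"]))
    print("victim prefixes seen:", result["prefixes"])
    print("directories flagged as mass-renamed:", result["flagged_dirs"])
```

The directory-level ratio matters more than any single match: one renamed file can be a false positive, but a directory in which most files carry the same unknown-prefix "wasted" extension is the signature of bulk encryption and is what an incident responder would want surfaced first.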
What exactly is Evil Corp?
Evil Corp is a global cybercrime network, purportedly based in Moscow, Russia, that uses malicious software to steal money.
The group has stolen millions of dollars from hundreds of bank accounts worldwide, and it is widely regarded as the world's largest and most harmful cybercrime group.
The indictment of Evil Corp’s leaders
In December 2019, the U.S. government indicted two of its higher-profile alleged members, Maksim Yakubets and Igor Turashev, but both remain at large. They were indicted on ten separate counts, including computer hacking, conspiracy, wire fraud, and bank fraud. The U.S. has been unable to arrest them because both are Russian citizens.
Law enforcement has pursued the group for years with limited success. According to the Department of Justice, a federal executive department of the United States government, Evil Corp's cyberattacks are still ongoing.
Other notorious activities conducted by Evil Corp
Evil Corp is the same group that operated the Dridex malware platform. Law enforcement subsequently made major efforts to take down the platform and the members involved, but the group remained at liberty because it continually adapted and updated its operations.
According to a report by CrowdStrike, Evil Corp was behind the BitPaymer ransomware, which specifically targeted the United Kingdom's National Health Service (NHS). Since then, the group has reduced the volume of its campaigns in favor of more targeted attacks.
In 2019, another ransomware strain, DoppelPaymer, came into the spotlight, though it has not yet been traced back to Evil Corp.
Dridex has hit the financial industry hardest, but the malware is generally indiscriminate: it has operated across many sectors to harvest sensitive banking information.
- Phishing is the most commonly used tactic for the initial infection.
- Opportunistic attacks conducted over time.
- Use of maintained botnets to distribute second- and third-stage payloads.
- Fake-update malware.
- Deployment of lateral movement tools.
All in all, cybercrime is estimated to cost businesses between $450,000 and $600,000 billion annually over the next five years.
According to Symantec, the vast majority of Evil Corp's targets are major corporations, eight of which were Fortune 500 companies. It is clear that no organization is safe from ransomware attacks: vulnerabilities are always present and will eventually be exploited. Proactive cyber threat hunting is therefore an indispensable exercise for investigating potential compromises.