Even Russia’s Evil Corp now favors software-as-a-service

The Russia-based Evil Corp is jumping from one malware strain to another in hopes of evading sanctions placed on it by the US government in 2019.

You might be wondering why cyberextortionists in the Land of Putin give a bit flip about US sanctions: as we understand it, the sanctions mean anyone doing business with or handling transactions for the gang will face the wrath of Uncle Sam. Evil Corp is therefore radioactive, few will want to interact with it, and the group has to shift its appearance and operations to keep its income flowing.

As such, Evil Corp – which made its bones targeting the financial sector with the Dridex malware it developed – is now using off-the-shelf ransomware, most recently the LockBit ransomware-as-a-service, to cover its tracks and make it easier to get the ransoms it demands from victims paid, according to a report this week out of Mandiant.

The US Treasury Department, through its Office of Foreign Assets Control (OFAC), in December 2019 sanctioned Evil Corp over its development and use of Dridex, claiming the group used the malware to infect systems and steal login credentials from hundreds of financial institutions in more than 40 countries and swipe more than $100 million.

Those sanctions, according to the Treasury, banned US persons “from engaging in transactions” with Evil Corp, and “foreign persons may be subject to secondary sanctions for knowingly facilitating a significant transaction or transactions” with the gang. That would make collecting ransoms a little more
