Ransomware Gang Seeks Million Dollar PayDay
NCC Group revealed that a ransomware variant is now asking for million dollar ransoms.
A malware group called Evil Corp is reportedly back in action, having recently launched a new ransomware which asks its victims to pay a million dollar ransom. The group had previously gone quiet after the U.S. Department of Justice charged some of its members in December 2019.
According to a report published on June 23 by the cybersecurity firm Fox-IT, a division of NCC Group, Evil Corp has been active since 2007 — the group is considered to be one of the biggest cybercrime teams on the internet. They are known for using the Dridex malware and BitPaymet ransomware.
U.S. firms are Evil Corp’s primary targets
The study states that Evil Corp has developed a new ransomware, called WastedLocker, which it has been actively using to launch attacks since May 2020. There are reports that the group has asked for a combined total of $10 million from a number of U.S.-based companies.
The group had previously halted its operations until January 2020 due to the indictment of alleged members, Igor Olegovich Turashev and Maksim Viktorovich Yakubets.
NCC Group detailed how WastedLocker operates:
“Evil Corp are selective in terms of the infrastructure they target when deploying their ransomware. Typically, they hit file servers, database services, virtual machines and cloud environments. Of course, these choices will also be heavily influenced by what we may term their ‘business model’ – which also means they should be able to disable or disrupt backup applications and related infrastructure.”
The research team adds that it increases the time for recovery for the victim. In some cases, due to the unavailability of offline or offsite backups, it prevents the ability to recover at all.
No leaked data yet
NCC Group points out that the gang does not appear to threaten to publish victim’s information the way that the DoppelPaymer and many other targeted ransomware operations tend to do.
The team speculated:
“We assess that the probable reason for not leaking victim information is the unwanted attention this would draw from law enforcement and the public.”