Ransomware, Threat Management

US sanctions prompt Evil Corp hacking operation changes


TechCrunch reports that Russian hacking gang Evil Corp has begun leveraging the LockBit ransomware in its attacks as it moved to a ransomware-as-a-service operation following sanctions imposed by the U.S. Treasury's Office of Foreign Assets Control in December 2019. Mandiant researchers discovered that UNC2165, which had significant similarities with Evil Corp, including the utilization of Hades ransomware and several infrastructure overlaps, has been using the LockBit RaaS to conceal its operations with other Evil Corp affiliates as it sought to bypass U.S. sanctions. "The adoption of existing ransomware is a natural evolution for UNC2165 to attempt to obscure their affiliation with Evil Corp. Its adoption could also temporarily afford the actors more time to develop completely new ransomware from scratch, limiting the ability of security researchers to easily tie it to previous Evil Corp operations," said researchers. The findings come after an alleged attack by the dismantled REvil ransomware group against an Akamai customer, which security researchers have already dismissed as a copycat operation.
