In previous videos, we’ve discussed the dangerous hacking group known as “Evil Corp” who, despite being hit with indictments from the United States Department of Justice, have continued to levy significant cyber attacks targeting companies, while demanding ransom payments in the millions.
Well, Evil Corp recently hit a roadblock, as attacks against a wide range of industry sectors, including five manufacturing firms, four organizations in the information technology sector, and three dealing in telecommunications were identified by security firm Symantec, who alerted their customers to the attacks, as Evil Corp attempted to deploy WastedLocker ransomware on their networks.
Evil Corp, formerly known as the Dridex gang, has become one of the largest malware and spam botnets on the Internet over the last 13 years via its Dridex operation and more recent attacks using it’s custom ransomware they created called BitPaymer. Over a period from 2017 to 2019, they used the computers they infected with the Dridex malware to look for corporate networks and then deployed BitPaymer on the largest companies they could identify. Eventually, the US Justice Department stepped in and charged several of the gang members with cybercrimes in December of 2019.
The brazen gang of cybercriminals was not going to allow federal indictments to stop them for long. However, in January of 2020, barely a month after the DOJ charged several members, they launched a small number of malware campaigns, usually for other Hackers until March of 2020, when they again went silent for a brief period. They came back in a big way, when they returned with a new tool called WastedLocker that they have used to make demands as large as 10 million dollars against some of their higher-profile victims.
Symantec published a report on their findings on WastedLocker, and caution corporations looking to protect against the ransomware strain that: “The attackers behind this threat appear to be skilled and experienced, capable of penetrating some of the most well protected corporations, stealing credentials, and moving with ease across their networks. As such, WastedLocker is a highly dangerous piece of ransomware. A successful attack could cripple the victim’s network, leading to significant disruption to their operations and a costly clean-up operation.”
WastedLocker ransomware appears to be secure at the moment, which means it’s victims’ have no way to decrypt their files for free, so the best way to survive a WasterLocker attack, like most ransomware and malware attacks, is prevent it from ever happening.