Ransomware group requests million-dollar ransom payments

A malware group called Evil Corp seems to be back in action: it has reportedly released new ransomware recently that asks its victims to pay a million-dollar ransom. The group had been dormant after the United States Department of Justice charged some of its members in December 2019.

According to a report released June 23 by cyber security firm Fox-IT, a division of NCC Group, Evil Corp is known for using the Dridex malware and the BitPaymer ransomware.

American companies are their main targets

The study states that Evil Corp has developed new ransomware, called WastedLocker, which it has been actively using to launch attacks since May 2020. There are reports that the group has requested a combined total of $10 million from several U.S.-based companies.

The group had previously stopped its operations until January 2020 due to the indictment of its alleged members, Igor Olegovich Turashev and Maksim Viktorovich Yakubets.

NCC Group detailed how WastedLocker works:

"Evil Corp is selective in terms of the infrastructure they choose to target when implementing their ransomware. They typically target file servers, database services, virtual machines, and cloud environments. Of course, these choices will also be heavily influenced by what we can call their 'business model,' which also means they should be able to disable or disrupt backup applications and related infrastructure."

The research team added that this increases the victim’s recovery time. In some cases, due to the unavailability of offline or off-site backups, it impedes the ability to quickly recover from an attack.


No data has been leaked yet

NCC Group notes that the group does not appear to threaten to publish information about its victims, as DoppelPaymer and many other ransomware operations tend to do.

The team speculated:

"We assessed that a likely reason for not leaking the victim's information is the unwanted attention this would attract from police and the public."