Russian Hacking Gang Evil Corp Shifts Its Extortion Strategy After Sanctions

A notorious Russian cybercrime group has updated its attack methods in response to sanctions that prohibit US companies from paying it a ransom, according to cybersecurity researchers. From a report: The security firm Mandiant said Thursday it believes that the Evil Corp gang is now using a well-known ransomware tool named Lockbit. Evil Corp has shifted to using Lockbit, a form of ransomware used by numerous cybercrime groups, rather than its own brand of malicious software to hide evidence of the gang's involvement so that compromised organizations are more likely to pay an extortion fee, researchers said. The US Treasury Department in 2019 sanctioned the alleged leaders of the Evil Corp gang, creating legal liabilities for American companies that knowingly send ransom funds to the hackers. While cybersecurity firms have associated Evil Corp with two kinds of malware strains, known as Dridex and Hades, the group's use of LockBit could cause hacked organizations to believe that another hacking group, other than Evil Corp, was behind the breach. Evil Corp is believed to be behind some of the worst banking fraud and computer hacking schemes of the past decade, stealing more than $100 million from companies across 40 countries, according to the US government.

Not much to say about this

[Baconsmoke]

I mean what is there to say? Other than fuck these guys.

Re:

[gweihir]

Well, yes. And those that created them as well, by having and promoting abysmally bad IT security for decades.

Re:

[CoolDiscoRex]

I mean what is there to say? Other than fuck these guys.

Fuck windows for making it so ubiquitous?

Re: Not much to say about this

[pacija]

Those "bad" guys appear to be on my side. They should charge more though. As long as paying "bad" guys ransom is more affordable to corporations than paying their IT personnel fair money to secure their systems from such trivial exploits, corporations will continue to whine and pay ransoms instead of paying their IT personnel.

Obligatory Kipling

[davidwr]

"We never pay any one Dane-geld,
        No matter how trifling the cost,
    For the end of that game is oppression and shame,
        And the nation that plays it is lost!"

Dane-Geld [bartleby.com], Rudyard Kipling

Re:

[ZiggyZiggyZig]

I've heard they ask for a one million dollar ransom, and everybody is laughing at them!

Re:

[Narcocide]

It's an overt reference to the fictional commercial entity Evil Corp in the TV series "Mr. Robot" which was actually a clear parody of Bank of America.

Re:

[Narcocide]

Correcting myself: in the show the real company's name is just "E-Corp" but is colloquially called "Evil Corp" by the characters.

Re:

[zeeky boogy doog]

And now we have Cloudy With A Chance Of Meatballs, in which "Live Corp" turns out to be... *dun dun dun*... Evil. Which is live backwards.

Prohibitions on ransom payments work

[DrMrLordX]

If anyone wanted evidence that we should ban ransom payments to malware gangs, this is it. Criminalize ransomware payments, and they stop. Done deal.

Re:

[rantrantrant]

Because corporations have never kept secrets, told lies or committed criminal actions in order to make more or save money, right?

So the real takeaway here

[rsilvergun]

Is that if you make it a crime to pay ransomware and then enforce that law you would do away with the problem overnight. It's painfully obvious that businesses won't pay ransomware when it's a crime.

If you can't cut the problem off at the head cut off the tail and let it bleed out.

So making the payments illegal works?

[spitzak]

It sure sounds like the government saying such payments are illegal actually works, at least enough to cause the ransomware people to change their tactics. It certainly sounds like making it illegal in all cases (not just for the russian subset) would be a very good idea!

Shooting fish in a barrel

[rantrantrant]

It would seem that many corporations security practices are so poor that ransomware gangs are making hay while the sun shines. It's like shooting fish in a barrel. How much of an impact do you think corporate accountability for their security would have? I mean, they have to appoint an executive data security officer who is responsible & liable if an inspection shows poor data security practices. Just like we have regular fire safety & health & safety inspections, why not data security if it's t