Evil Corp, the hackers behind WastedLocker ransomware, are making extravagant ransom demands in the millions of dollars despite facing criminal charges
One of the biggest malware operations on the internet, Evil Corp, has returned after several of its members were charged by the US Department of Justice in December 2019.
The History of Evil Corp
Evil Corp, also known as the Dridex gang, has been on the scene since 2007. Their earliest efforts were focused on attacks involving the Cridex banking trojan. That malware strain evolved into the Dridex banking trojan, and later into the Dridex multi-purpose malware toolkit.
Over the years, Evil Corp became one of the largest malware and spam botnets on the internet via its Dridex operation. The group distributed their own malware, but also distributed malware for other criminal groups. The group also dipped their toes into ransomware distribution by spreading Locky ransomware to home consumers throughout 2016.
As the ransomware market began to shift its focus to enterprise targets, Evil Corp adapted and created a new custom ransomware named BitPaymer. The group used the computers they had infected with the Dridex malware to look for corporate networks and then deployed BitPaymer on the largest enterprise targets they could identify. Evil Corp engaged in this BitPaymer activity from 2017 until 2019, when the US Justice Department stepped in and charged several of the gang members with cybercrimes.
Evil Corp’s Post-Indictment Activities
After the DOJ’s charges were filed in December 2019, the group went silent for a full month until January 2020, when they launched a small number of malware campaigns, usually for other hackers. This continued until March 2020, when they again went silent for a brief period. They would return, however, and when they did, they returned with a new tool called WastedLocker.
Evil Corp Replaces BitPaymer with WastedLocker
Evil Corp’s new infection of choice is a ransomware called WastedLocker. The name is based on the file extension it adds to encrypted files, usually consisting of the victim’s name and the string “wasted.”
Security researchers say that an analysis of this new ransomware has revealed little code reuse or similarity to BitPaymer; however, similarities are still seen in the ransom note text. Despite the best efforts of the US Department of Justice to contain Evil Corp, the group continues to initiate attacks, and has been known to make demands as large as 10 million dollars against some of their higher-profile victims.