Back in December of last year, the US Department of Justice charged many of the members of a well-known malware operator named Evil Corp. However, it looks like Evil Corp has made a comeback, as revealed by Fox-IT, a division within the NCC Group. The division has described how Evil Corp returned and what its latest activities are, despite the DoJ charges the group faced in December last year.
Evil Corp is also known as the Dridex gang. It has been active since 2007, and there were previous charges against this group as well. The group came to be when members of the ZeuS banking trojan gang decided to try their own luck at distributing malware. ZDNet reports that the group initially spread the “Cridex banking trojan, a malware strain that later evolved into the Dridex banking trojan, and later subsequently evolved into the Dridex multi-purpose malware toolkit”.
According to Fox-IT, Evil Corp has named its new ransomware WastedLocker, based on the file extension it adds to encrypted files, which usually consists of the victim’s name and the string “wasted”. Further analysis found very little code reuse or code similarity between BitPaymer and WastedLocker; however, some similarities remain in the ransom note text.
Fox-IT further reveals that they’ve been tracking the use of this new ransomware family since May 2020. They say the ransomware has been exclusively deployed against US companies.
They say that “Ransom demands that are asked by Evil Corp are now typically into the millions,” and add that “We’ve seen demands of more than $10 million.” On the group’s standard mode of operations, they say, “Typically, they hit file servers, database services, virtual machines, and cloud environments.”