
Ransomware group demands million-dollar ransom payments

June 24, 2020

A malware group called Evil Corp appears to have come back to life recently, launching new ransomware and asking victims to pay a $1 million ransom. The group had remained inactive after the United States Department of Justice charged some of its members in December 2019.

According to a June 23 report by the cybersecurity company Fox-IT, a division of NCC Group, Evil Corp has been active since 2007. The group is considered one of the largest cybercrime teams on the Internet and is known for using the Dridex malware and the BitPaymer ransomware.

American companies are their primary targets

The report says that Evil Corp has developed a new ransomware called WastedLocker, which has been used in active attacks since May 2020. There are reports that the group has requested a total of $10 million from various U.S.-based companies.


The group had previously ceased operations until January 2020, following charges against its alleged members Igor Olegovich Turashev and Maksim Viktorovich Yakubets.

NCC Group explained how WastedLocker works:

“Evil Corp is selective about the infrastructure they target when implementing their ransomware. They typically reach file servers, database services, virtual machines, and cloud environments. Of course, these options are also heavily influenced by what we can call the ‘business model’, which also means that they should be able to disable or disrupt backup applications and related infrastructure.”

The research team added that this extends the victim’s recovery time. In some cases, because offline or offsite backups are unavailable, rapid recovery from an attack is prevented.

No data has been leaked yet

NCC Group notes that Evil Corp does not appear to be threatening to disclose its victims’ information, as DoppelPaymer and many other ransomware operations do.

The team speculated:

“We have found that a likely reason that the victim’s information is not shared is due to the unwanted attention that the police and the public would receive.”