Date: 2021-06-08

Evil Corp Rebrands Ransomware to Escape Sanctions

Threat actors behind a notorious Russian cybercrime group appear to have rebranded their ransomware once again in a bid to escape US sanctions prohibiting victims from paying them.

Experts took to Twitter to point out that a leak site previously run by the Babuk group, which famously attacked Washington DC’s Metropolitan Police Department (MPD), had rebranded to “PayloadBin.” Back in April, the Babuk group claimed that it was shutting down its affiliate model for encrypting victims and moving to a new model.

A ‘new’ ransomware variant with the same name has also been doing the rounds of late, but according to Emsisoft CTO Fabian Wosar, it’s nothing more than a copycat effort by Evil Corp.

“Looks like EvilCorp is trying to pass off as Babuk this time. As Babuk releases their PayloadBin leak portal, EvilCorp rebrands WastedLocker once again as PayloadBin in an attempt to trick victims into violating OFAC regulations,” he said.

If that’s correct, it would appear to be the latest in a long line of rebrands by the group, starting from its original BitPaymer effort, in a bid to circumvent US sanctions.

Michael Gillespie, the creator of the ID Ransomware service, explained that aside from WastedLocker, the group has used “Hades” and “Phoenix” as new names for the same malware.

Wosar said it was easy to identify the same underlying code in all of those ‘variants.’

“EvilCorp malware sticks out like a sore thumb simply because of the obfuscator they use,” he tweeted. “But the cryptographic scheme is identical, encrypted file format is identical, MO is identical, configuration format is identical, the list goes on and on.”

The group was placed on the US Treasury’s Office of Foreign Assets Control (OFAC) sanctions list in December 2019 after being accused of using the Dridex banking Trojan to steal over $100 million globally.

That meant corporate victims were effectively prohibited from paying the group a ransom, or they would risk being accused of breaking sanctions themselves.

Mitch Mellard, a threat intelligence analyst at Talion, argued that rebranding could be widespread in the underground economy.

“I feel that this situation is somewhat of an indictment of ransomware insurance as a whole. We have reached the point where instead of blanket condemnation of paying ransoms across the board, two lists of criminals have been created,” he added.

“The first list is comprised of actors who have achieved such renown that paying them is actually treated as ... paying criminals. The second list is, by nature of its contents, also entirely criminals, but those who it is somehow acceptable to reward monetarily for their illegal activities.”
