Evil Corp blocked from deploying ransomware on 30 major US firms

The Evil Corp gang was blocked from deploying WastedLocker ransomware payloads in dozens of attacks against major US corporations, including Fortune 500 companies.

“The vast majority of targets are major corporations, including many household names,” Symantec said. Aside from a number of large private companies, there were 11 listed companies, eight of which are Fortune 500 companies.”

The group was involved in the past in the distribution of the Dridex malware toolkit later used to also deliver other threat actors’ malware payloads, as well as of Locky ransomware and their own ransomware known as BitPaymer until 2019.

Evil Corp refreshed their tactics after two of their members were indicted by the US Department of Justice in December 2019 and are now again in the ransomware business deploying WastedLocker in corporate networks and asking for ransoms of millions of dollars.

“At least 31 customer organizations have been attacked, meaning the total number of attacks may be much higher,” researchers at Symantec who spotted these attacks explained.

“The attackers had breached the networks of targeted organizations and were in the process of laying the groundwork for staging ransomware attacks.”

Evil Corp’s attacks were directed at a wide range of industry sectors, with a focus on manufacturing (five of the 31 targets), with another four orgs from the information technology sector and three from telecommunications.

“Had the attackers not been disrupted, successful attacks could have led to millions in damages, downtime, and a possible domino effect on supply chains,” Symantec added.

Reference:

https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/wastedlocker-ransomware-us

https://www.bleepingcomputer.com/news/security/evil-corp-blocked-from-deploying-ransomware-on-30-major-us-firms/