Notorious Cybercrime Gang Resurfaces Under New Name
WastedLocker is Now Masquerading as Babuk Gang’s Ransomware
Evil Corp is known for being one of the most prolific hacking groups today. After being sanctioned by the United States, the group has masked their ransomware under the name of one deployed by another gang. WastedLocker, which is Evil Corp’s ransomware program, is now going by PayLoadBin, ransomware run by another cybercrime gang called Babuk.
Authorities are speculating that this is a scheme on the part of Evil Corp to get targets to violate OFAC regulations.
What is OFAC and Why Does it Affect Evil Corp?
The Office of Foreign Assets Control is a U.S. government agency that functions primarily to administer and enforce sanctions on behalf of U.S. security as well as foreign policy. Such a sanction on a cybercrime gang, such as Evil Corp, strictly prohibits victims from paying ransom to their attackers. No deals or payments of any kind are permitted to be exchanged with sanctioned entities.
OFAC violations are serious, and the penalties tied to appropriate violations reflect this. Depending on the severity of the case, millions of dollars in fines as well as up to 30 years of prison time are possible consequences.
Due to these sanctions, victims of WastedLocker ransomware are at risk of facing dire repercussions if they pay ransom to the hacking group. This blocks off Evil Corp’s line of revenue, which is likely their motivation in “rebranding.” By rebranding as an unsanctioned party, Evil Corp would be more likely to receive payments as victims would not know that they are violating OFAC by paying ransom demands.
The Messy Ransomware Problem
The FBI is constantly reminding the public not to pay ransom to any type of threat actor. Paying ransoms, regardless of how low you can negotiate it, gives the attacker what they want. For this reason, ransomware is a favored tactic of cybercriminals. It is rarely disclosed to authorities and is usually a guaranteed payout. With new services like cyber-insurance, which on its own has been linked to a rise in ransom payments, cybercriminals are seeing more payments from victims.
SEE ALSO JBS Foods Hit by Cyber Attack
Over the past year, VMware reports ransomware has been one of the top three cybersecurity threats faced by survey respondents, and companies have been put in a difficult position of handling things according to FBI recommendations while also preserving their business’ operations.
As we learned with CNA Financial Group‘s recent ransomware attack, ransom payments to attackers have increased by 311% since 2019, and the number continues to rise. Companies’ inability to implement the appropriate level of cybersecurity measures, added to an increasing level of sophistication on the part of malware developers, can grow to be dangerous to technological progress.
However, the world is learning to defend themselves. Companies are changing policies and working on in-house security procedures, app developers are becoming more cautious of which applications they release to the public, and world governments are chipping away at sanctioning or shutting down cybercrime gangs as they come up. Change takes time, so we will see how these individual changes come together to make a difference.