TechCrunch reports that Russian hacking gang Evil Corp has begun leveraging the LockBit ransomware in its attacks as it moved to a ransomware-as-a-service operation following sanctions imposed by the U.S. Treasury's Office of Foreign Assets Control in December 2019.
Mandiant researchers discovered that UNC2165, which had significant similarities with EvilCorp including the utilization of Hades ransomware and several infrastructure overlaps has been using the LockBit RaaS to conceal its operations with other Evil Corp affiliates as it sought to bypass U.S. sanctions.
"The adoption of existing ransomware is a natural evolution for UNC2165 to attempt to obscure their affiliation with Evil Corp. Its adoption could also temporarily afford the actors more time to develop completely new ransomware from scratch, limiting the ability of security researchers to easily tie it to previous Evil Corp operations," said researchers.
The findings come after an alleged attack by the dismantled REvil ransomware group against an Akamai customer, which security researchers have already dismissed as a copycat operation.
CNN reports that a potential compromise of the Department of Homeland Security's sensitive physical security details is being looked into by the department's senior officials following a ransomware attack against contractor and major building automation systems manufacturer Johnson Controls International.
Most organizations impacted by ransomware attacks have been noted by the FBI to be experiencing another intrusion involving a different ransomware variant within 48 hours of each other, BleepingComputer reports.