Researchers have discovered a new ransomware, WastedLocker, that they are attributing with "high confidence" to the Evil Corp cybercriminal gang, two members of which the U.S. Justice Department charged last December with federal hacking and bank fraud crimes.

Evil Corp is historically associated with the banking credentials-stealing Zeus trojan and Bugat (aka Dridex) malware, as well as Locky and more recently BitPaymer ransomware. However, since mid-March there has been a marked decrease in BitPaymer attack activity, according to NCC Group and its Fox-IT InTELL division in a company blog post on Tuesday. It's likely that during this quiet period, the adversaries were busy developing the new WastedLocker ransomware program, which debuted in May 2020.

Additionally, the cybercriminals have apparently changed some of their tactics, techniques and procedures (TTPs) in 2020. "We believe those changes were ultimately caused by the unsealing of [DOJ] indictments against [alleged Evil Corp members] Igor Olegovich Turashev and Maksim Viktorovich Yakubets, and the financial sanctions against Evil Corp in December 2019," the NCC Group blog post states. "These legal events set in motion a chain of events to disconnect the association of the current Evil Corp group and these two specific indicted individuals and the historic actions of Evil Corp."
