Symantec said in a report released late last month that it had prevented the Evil Corp gang from deploying WastedLocker ransomware payloads during its attacks on 31 major private companies. Of these companies, 30 were American, eight of which were Fortune 500 companies.
Evil Corp has launched attacks on a wide range of industrial sectors, with construction, information technology and telecommunications also at the center of the attacks. Symantec noted that if Evil Corp's attacks had not been blocked, they could have succeeded and caused millions of dollars in damage. According to Symantec researchers, Evil Corp's attacks began with the SocGholish framework, which was used to infect victims who visited more than 150 compromised websites. The compromised sites displayed fake software update notifications, and the malware payloads delivered to the victims' devices were disguised as program updates.
After infecting a company employee, Evil Corp's operators used the Cobalt Strike threat-simulation software and various other tools to steal credentials, escalate privileges and take control of the network, with the ultimate goal of encrypting computers with WastedLocker ransomware. Before deploying the ransomware, the attackers disabled Windows Defender across the entire target network using PowerShell scripts and legitimate tools.
Once the WastedLocker ransomware payloads had been successfully deployed using the Windows Sysinternals tool PsExec, they could encrypt the victims' data and delete Windows volume shadow copies, removing backups and file snapshots so that the encrypted files could not be recovered.
Evil Corp has been active since at least 2007 and distributed the Dridex malware toolkit, which was later also used to distribute the malware payloads of other threat actors. The gang also participated in the distribution of Locky ransomware, as well as its own ransomware strain, known as "BitPaymer", until 2019. In addition, two members of the gang were charged by the US Department of Justice in late 2019 with involvement in fraud and cyber-attacks on international banks, which resulted in the theft of at least $100 million. Since then, Evil Corp has retooled its tactics and has now reappeared in the ransomware field, deploying its new WastedLocker ransomware in targeted attacks and demanding ransoms of millions of dollars.