Also known as the Dridex gang or INDRIK SPIDER, the Russian cybercriminal gang Evil Corp has been active since at least 2007 and is known for distributing the Dridex malware.
In order to circumvent the restrictions imposed by the Office of Foreign Assets Control of the United States Treasury Department, the cybercrime organization is known as Evil Corp has recently begun infecting its victims’ networks with the LockBit ransomware (OFAC).
After receiving sanctions from the United States in December 2019 for their use of the Dridex ransomware to inflict more than $100 million in financial losses, the organization began deploying its newest ransomware, WastedLocker, in June of 2020.
Starting in March 2021, Evil Corp began using a different strain of ransomware called as Hades ransomware. Hades ransomware is a 64-bit variation of WastedLocker that has been improved with more code obfuscation and other minor feature modifications.
Since that time, the threat actors have posed as members of the PayloadBin hacking organization and utilized additional strains of ransomware with names like Macaw Locker