Macaw Locker, Evil Corp’s Latest Version Makes New Victims

To evade US sanctions that prevent victims from paying ransom demands, the Evil Corp threat actor has released a new ransomware dubbed Macaw Locker.

About Evil Corp

Also known as the Dridex gang or INDRIK SPIDER, the Russia-based hacking group Evil Corp has been around since at least 2007 and is notorious for developing and distributing the banking trojan known as Dridex.

As ransomware operations became more profitable, the Evil Corp cybercriminal organization released BitPaymer, which was distributed via the Dridex malware to infected business networks.

In December 2019, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) took action against Evil Corp, sanctioning its members after they used Dridex to cause more than $100 million in financial losses.

As a result of these sanctions, ransomware negotiation companies will no longer facilitate ransom payments for Evil Corp-related operations.

To avoid these sanctions, Evil Corp gang members started renaming their ransomware campaigns, using different names such as WastedLocker, Hades, Phoenix, and PayloadBin.

DoppelPaymer, which has recently changed its name to Grief, is yet another ransomware group suspected of being linked to Evil Corp. However, the link between the two has not been confirmed.

“New Kid On the Block”

This month, Olympus, a

Read More: https://heimdalsecurity.com/blog/macaw-locker-evil-corps-latest-version-makes-new-victims/