The cybercriminal group linked to over $100 Million in financial damages has pivoted their execution strategy to bypass sanctions that prevent U.S. companies from paying them ransom.
Back in 2019, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) released sanctions that prohibited any U.S. company from doing business with individuals and companies owned or controlled by specific countries. This also includes acting for or on behalf of the specific country. Evil Corp was one of those prohibited companies.
This puts U.S. companies that suffer a ransomware attack in a peculiar spot, as paying the ransom would put them in trouble with the U.S. Treasury.
Evil Corp used WastedLocker at the time the sanctions were released, making that variant of ransomware an identifiable marker that the victim organization was doing “business” with someone on the OFAC list. Security researchers at cybersecurity vendor CrowdStrike recently linked Hades ransomware with Evil Corp, putting the spotlight back on the Russia-based cybercriminal group. This instance is making it once again difficult to address a ransomware attack via paying the ransom.
Should your organization be Evil Corp’s next victim, you had better have a response plan in place and an ability to recover operations quickly. Anything other than that, and you’re doomed. Your only other out is to significantly reduce the likelihood of an attack by training your users through Security Awareness Training to identify and avoid phishing emails – which is still top of the list as the primary initial attack vector.