Evil Corp Tries to Work Around U.S. Treasury Sanctions Using Hades Ransomware

Evil Corp Uses Hades RansomwareThe cybercriminal group linked to over $100 Million in financial damages has pivoted their execution strategy to bypass sanctions that prevent U.S. companies from paying them ransom.

Back in 2019, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) released sanctions that prohibited any U.S. company from doing business with individuals and companies owned or controlled by specific countries. This also includes acting for or on behalf of the specific country. Evil Corp was one of those prohibited companies.

This puts U.S. companies that suffer a ransomware attack in a peculiar spot, as paying the ransom would put them in trouble with the U.S. Treasury.

Evil Corp used WastedLocker at the time the sanctions were released, making that variant of ransomware an identifiable marker that the victim organization was doing “business” with someone on the OFAC list. Security researchers at cybersecurity vendor CrowdStrike recently linked Hades ransomware with Evil Corp, putting the spotlight back on the Russia-based cybercriminal group. This instance is making it once again difficult to address a ransomware attack via paying the ransom.

Should your organization be Evil Corp’s next victim, you had better have a response plan in place and an ability to recover operations quickly. Anything other than that, and you’re doomed. Your only other out is to significantly reduce the likelihood of an attack by training your users through Security Awareness Training to identify and avoid phishing emails – which is still top of the list as the primary initial attack vector.

Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 22 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

RansIm-Monitor3Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 21 types of infection scenarios
  • Just download the install and run it 
  • Results in a few minutes!

Get RanSim!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews