Let me remind you that Evil Corp<\/b> has existed since at least 2007, but at first hackers more often acted as partners for other groups. It was only later that Evil Corp began to focus on its own attacks, creating the well-known banking Trojan Dridex<\/b>. Over time, when it became a ransomware, attacks became more profitable, and Evil Corp launched its own BitPaymer<\/b> ransomware, delivering it to victims’ machines via Dridex. The latter gradually evolved from an ordinary banker into a complex and multifunctional tool.<\/p>\n
All this led to the fact that in 2019 the US authorities filed charges against two Russians<\/a> who, according to law enforcement officers, were behind the development of the Dridex malware and other malicious operations. Also, the US authorities imposed sanctions on 24 organizations and individuals associated with Evil Corp and the mentioned suspects. As a result, the negotiating companies, which usually negotiate with extortionists to pay a ransom and decrypt the data, refused to \u201cwork\u201d with Evil Corp in order to avoid fines and lawsuits from the US Department of the Treasury. And it became much more difficult for the victims themselves to pay the ransom.<\/p>\n After that, in June 2020, Evil Corp switched to using the WastedLocker<\/b> malware<\/a>, in 2021 the Hades<\/b> ransomware appeared (a 64-bit version of WastedLocker, updated with additional code obfuscation and a number of functions), and then the group has already carried out several \u201crebrands\u201d and impersonated for the PayloadBin<\/b> grouping<\/a> and used other ransomware: Macaw<\/b> and Phoenix<\/b>.<\/p>\n![\"Evil](\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2022\/06\/Mandiant-Report.jpg\" "\\"\\"")
<\/p>\n