Russia Sends Cybersecurity CEO to Jail for 14 Years

The Russian government today handed down a treason conviction and 14-year prison sentence on Ilya Sachkov, the former founder and CEO of one of Russia’s largest cybersecurity firms. Sachkov, 37, has been detained for nearly two years under charges that the Kremlin has kept classified and hidden from public view, and he joins a growing roster of former Russian cybercrime fighters who are now serving hard time for farcical treason convictions.

Evil Corp affiliates are using off-the-shelf ransomware to evade sanctions

Researchers found a number of similarities between Evil Corp and a new group of attackers.


Ransomware gang Conti has already bounced back from damage caused by chat leaks, experts say

A Twitter account known as ContiLeaks debuted to much fanfare in late February, with people around the globe watching as tens of thousands of leaked chats between members of the Russia-based ransomware gang Conti hit the web. In the days after the leaks, many celebrated what they thought would be a devastating blow to Conti, which a Ukrainian security researcher had apparently punished by leaking the internal chats because the gang threatened to “strike back” at any entities that organized “any war activities against Russia.” But ten days after the leaks began, Conti appears to be thriving. Experts say the notorious ransomware gang has pivoted all too easily, replacing much of the infrastructure that was exposed in the leaks while moving quickly to hit new targets with ransom demands. According to Vitali Kremez, CEO of the cybersecurity firm AdvIntel, by Monday morning Conti had successfully completed two new data breaches at […]


Fake Christmas Eve termination notices used as phishing lures

A phishing campaign using a well-known malware family is employing a pair of particularly devious methods to trick targets into opening an infected file: fake employee termination notices and phony omicron-variant exposure warnings. A threat researcher going by the name of “TheAnalyst” posted a screenshot of the fake employment termination notice Dec. 22, attributing it to a Dridex affiliate. The suspicious email told the target that their employment would cease as of Dec. 24, and that the decision was not reversible. An attached password-protected Excel file promised additional details. Once a recipient opened the file, a blurred form appeared with a button to “Enable Content,” which enabled the file to run an automated script through its macros feature, a technique intended to help automation that has simultaneously been abused for years for malicious purposes. After the button was clicked, a pop-up window appeared: “Merry X-Mas Dear Employees!” Dridex is a […]


On the trail of Russia’s $100 million Evil Corp hacking gang

Joe Tidy, technology reporter at BBC News, rather bravely did something that many other journalists would probably balk at doing.

He decided he wanted to talk to Russian hackers face-to-face, on their home turf, and ask them their side of the story.

A Russian-speaking ransomware gang says it hacked the National Rifle Association

A ransomware group known as Grief claimed on Wednesday to have hacked the National Rifle Association, releasing 13 documents allegedly belonging to the organization and threatening to release more if the NRA doesn’t pay an extortion fee of an undisclosed sum. The documents previewed on Grief’s leak site include grant applications and minutes from a meeting. The group claims to possess more documents. However, ransomware actors have been known to exaggerate the amount of data obtained in a hack. CyberScoop has not independently verified the documents. An NRA spokesperson declined to comment when reached by phone. Multiple researchers have said that Grief is affiliated with the Russian ransomware group Evil Corp. Evil Corp.’s involvement could potentially put the NRA at risk of violating U.S. sanctions if it pays the attackers after the Treasury Department sanctioned that gang in 2019. The Justice Department also charged two Evil Corp. members with criminal […]


Notorious Russian ransomware gang Evil Corp. reportedly hit Sinclair Broadcast Group

Evil Corp., one of the most notorious and prolific Russian cybercrime groups in recent years, with a leader who has been accused of working with Russian intelligence, was reportedly behind last weekend’s cyberattack on Sinclair Broadcast Group. The revelation, first reported by Bloomberg Wednesday, is noteworthy because the U.S. Treasury Department sanctioned the group in December 2019, making any U.S. company’s transactions with it illegal. The group used a new strain of malware called Macaw in the Sinclair attack, said Allan Liska, a senior threat analyst at Recorded Future. The Justice Department also announced a sealed indictment against Evil Corp. leader Maksim Yakubets in 2019, the same day as the Treasury sanctions. The U.S. government accused Yakubets and another Russian national, Igor Turashev, of being behind malware strains known as Bugat and Dridex, which authorities say hackers employed to target hundreds of banks in more than 40 countries and net the […]


Cryptocurrency payments to scams outpace ransomware jackpots in Eastern Europe, Chainalysis finds

Eastern Europe remains a hotbed for illicit cryptocurrency activity, new research shows. Between June 2020 and July 2021, Eastern Europe-based cryptocurrency addresses sent $815 million to investment Ponzi scams that lure users with false promises of high returns, according to Chainalysis data published Wednesday. Ukraine, in particular, drove a significant amount of the region’s traffic to the fraud websites, trouncing second-place United States by roughly 20 million visits. Half the money sent in the region went to just one apparent fraud effort. Between December 2019 and August 2021, users sent over $1.5 billion worth of bitcoin to Finiko, a Russia-based Ponzi scheme whose founders are under arrest or have fled Russia. The company marketed itself as a referral network that would reward investors with high returns, only to come under scrutiny from authorities in Moscow for allegedly defrauding users. The report highlights that while Eastern Europe is largely seen as the recipient […]


Rene Ritchie’s ‘How Apple DESTROYED Facebook’s Spyware’

Simply superb video, published on YouTube by the eponymous Rene Ritchie, targeting the criminal behavior of Facebook.

Ransomware Gangs and the Name Game Distraction

It’s nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. We hang on to these occasional victories because history tells us that most ransomware moneymaking collectives don’t go away so much as reinvent themselves under a new name, with new rules, targets and weaponry. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation over as many years.

Reinvention is a basic survival skill in the cybercrime business. Among the oldest tricks in the book is to fake one’s demise or retirement and invent a new identity. A key goal of such subterfuge is to throw investigators off the scent or to temporarily direct their attention elsewhere.

Cybercriminal syndicates also perform similar disappearing acts whenever it suits them. These organizational reboots are an opportunity for ransomware program leaders to set new ground rules for their members — such as which types of victims aren’t allowed (e.g., hospitals, governments, critical infrastructure), or how much of a ransom payment an affiliate should expect for bringing the group access to a new victim network.