Evil Corp, a threat group that has been around since 2007, has a track record of switching tactics and tools. The group was known for pushing the Dridex malware and later switched to the ransomware business. They started with Locky ransomware and then deployed their own strain, known as BitPaymer, up until 2019. When the U.S. sanctioned the group in December 2019 for using Dridex, they switched to WastedLocker and then Hades ransomware. From there, the group impersonated the PayloadBin Hacking Group and used Macaw Locker and Phoenix CryptoLocker to infect victims. According to Mandiant, the group has now made another switch and has begun deploying ransomware as a LockBit affiliate. This move occurred after more sanctions from the U.S. and allows the group to blend in with other groups.
By Akshay Rohatgi and Randy Pargman

About this Student Research Project

Binary Defense’s mission is