From Malware to Ransomware: Notorious Russian Hacking Group Uses Lockbit Amid Ukraine War
While cyber-security firms have linked Evil Corp to two malware strains known as Dridex and Hades, the group's usage of LockBit may lead hacked organisations to assume that the breach was caused by someone other than this Russian group

Amid Russia’s invasion of Ukraine, a notorious Russian cyber-crime group, Evil Corp, has modified its attack methods in reaction to restrictions that prevent US corporations from paying a ransom.

Mandiant, a security firm, reported on June 2 that it believes the group is now using Lockbit, a well-known ransomware tool, to obscure proof of the gang’s involvement.

While cyber-security firms have linked Evil Corp to two malware strains known as Dridex and Hades, the group’s usage of LockBit may lead hacked organisations to assume that the breach was caused by someone other than this Russian group.

According to the US authorities, this group is suspected to be behind some of the greatest banking fraud and computer hacking schemes of the past decade, stealing more than $100 million from companies in 40 countries. Accused members are on law enforcement’s wanted lists in the United States, United Kingdom and Europe, including accused mastermind Maksim Yakubets, who allegedly worked for Russia’s Federal Security Service.

The US has stepped up its efforts to combat cybercrime, including barring American companies from paying ransoms to well-known groups like Evil Corp and to cryptocurrency exchanges, which are frequently used to transfer ransom payments.

According to experts, the use of off-the-shelf software by Evil Corp shows that sanctions may not be enough to stop the group from extorting money from companies in the United States and around the world.

Russia is infamous for the hacking-related activities that took place in the past few years, but foreign authorities became more concerned after Russia sent troops to Ukraine, as this incident triggered a cyberwar.

Ukraine experienced an increase in cyberattacks on many of its banks and government organisations prior to the commencement of the war. Many of the attacks were wiper attacks, which erase data on PCs, or DDoS attacks, which flood networks using multiple, scattered devices.

Russia Cyberattack

While the notorious Russia-linked threat actors continue to attack foreign organisations, changing their modus operandi, reports revealed that a Russian government website appears to have been hacked over the weekend, with a ‘Glory to Ukraine’ sign in Ukrainian appearing when users searched for the site.

Following hacks of Russia’s state-owned firms and news organisations since the invasion began on February 24, the website of the Ministry of Construction, Housing and Utilities was targeted by hackers.

On June 5, a ministry representative told Russia’s state news agency RIA that the site was offline but users’ personal information was safe, and by June 6 the website was back to normal.

Some Russian media outlets reported that hackers were demanding a ransom to avoid public disclosure of consumers’ personal information.

Since the start of the cyberwar, volunteer hackers have been protecting Ukraine with the so-called ‘IT Army’, which was founded by Ukrainian digital minister Mykhailo Fedorov. Telegram is used to access the group, which has a list of possible Russian state-owned targets.

Governments from all around the world have rallied to Ukraine’s aid, pledging to support the country’s cyber infrastructure. As a result of this cyber warfare, governments like the US and Australia have made suggestions to businesses on how to improve their cyber security.
