October 4, 2023

The new PayloadBIN ransomware has been attributed to the Evil Corp cybercrime gang, rebranding to evade sanctions imposed by the US OFAC.

The Evil Corp gang, also known as Indrik Spider and the Dridex gang, started as an affiliate for the ZeuS botnet. They formed a group that focused on distributing the banking trojan and downloader called Dridex via phishing emails.

Evil Corp began renaming their ransomware operations to different names such as WastedLocker, Hades, and Phoenix to bypass these sanctions.

When installed, the ransomware will append the .PAYLOADBIN extension to encrypted files. The ransom note is named ‘PAYLOADBIN-README.txt’ and states that the victim’s “networks is LOCKED with PAYLOADBIN ransomware.”After analysing the new ransomware, is the ransomware is a rebranding of Evil Corp’s previous ransomware operations.

They had a gang rebranding and just took the opportunity.

As the ransomware is now attributed to a sanctioned hacking group, most ransomware negotiation firms will likely not help facilitate payments for victims affected by the PayloadBIN ransomware

Tags:

Leave a Reply

You may have missed

Looney Tunables Vulnerability affects Linux

October 4, 2023

Qualcomm fixes Zero Day Vulnerabilities

October 4, 2023

AWS Console and MFA Requirements

October 4, 2023

Bunny Loader Malware-as-a-Service in Action

October 3, 2023

Google Android Security Updates – October 2023

October 3, 2023

Industrial Control Systems and Vulnerability Management Process

October 2, 2023
%d bloggers like this: