Cybercrime Group
Evil Corp
Russia • Active since 2007
Evil Corp is a Russian criminal gang that stole over $100 million with banking malware. The US government put sanctions on them, which means companies cannot legally pay their ransoms. They keep changing ransomware names to avoid sanctions.
Overview
Evil Corp is a Russian cybercriminal group responsible for the Dridex banking trojan and multiple ransomware strains. The US has sanctioned group members, making ransom payments potentially illegal.
Also Known As
Indrik Spider, Dridex Gang, TA505 affiliate
Target Industries
Finance, Healthcare, Manufacturing, Retail, All Industries
Target Regions
United States, Europe, Global
Tactics, Techniques & Procedures
- Banking trojan deployment
- Ransomware rebranding to evade sanctions
- Fake browser update attacks
- Cobalt Strike deployment
- Active Directory compromise
Known Tools & Malware
Dridex, WastedLocker, Hades, Phoenix Locker, Macaw Locker, LockBit affiliate
Notable Campaigns
WastedLocker Attacks (2020)
Targeted US organizations with WastedLocker ransomware demanding millions.
Garmin Attack (2020)
Encrypted Garmin systems causing days of service outage.
MITRE ATT&CK Techniques
T1189, T1059.001, T1486, T1078, T1003
Defense Recommendations
1. Verify ransomware attacker identity before payment
2. Monitor for fake browser update campaigns
3. Consult OFAC sanctions before ransom decisions