Cybercrime Group

Indrik Spider

Russia • Active since 2014

Indrik Spider created the Dridex banking malware and later moved to ransomware. They are on the US sanctions list, so paying their ransom could get companies in legal trouble.

Overview

Indrik Spider is the cybercriminal group behind the Dridex banking trojan and the BitPaymer/WastedLocker ransomware families. The group is sanctioned by the US Treasury, which complicates victims' ransom decisions.

Also Known As

Evil Corp, TA505 affiliate, Gold Drake

Target Industries

Finance, Manufacturing, Healthcare, Government, Retail

Target Regions

Global, United States, Europe

Tactics, Techniques & Procedures

  • Fake browser update campaigns
  • Dridex distribution
  • Ransomware deployment
  • Active Directory compromise
  • Ransomware rebranding

Known Tools & Malware

Dridex, BitPaymer, WastedLocker, Hades, SocGholish

Notable Campaigns

Dridex Global Campaign (2014-present)

Long-running banking trojan operation affecting millions.

WastedLocker Attacks (2020)

Targeted large US corporations with WastedLocker ransomware.

MITRE ATT&CK Techniques

T1189, T1204.002, T1486, T1078, T1059.001

Defense Recommendations

  1. Block SocGholish/fake update domains
  2. Consult legal on OFAC before ransom decisions
  3. Monitor for Dridex indicators

Related Threat Actors

Evil Corp, Wizard Spider