Who is Evil Corp? A Look into the Russian Cyber Gang

There are many groups that stand out in cybercrime due to their sophisticated operations and the scale of their malicious activities.

One such group is Evil Corp, a notorious cybercriminal organisation whose infamous ransomware and malware attacks have wreaked havoc on businesses big and small. 

This article explores Evil Corp's origins and attack methods, providing insights into how this group operates and how organisations can protect themselves against it.

Who is Evil Corp?

Evil Corp is a cybercriminal gang primarily known for its involvement in large-scale financial crimes. The group, believed to be based in Russia, has been active since at least 2007 and has targeted organisations and individuals across the globe.

Evil Corp is infamous for using advanced malware to steal millions of dollars from banks, businesses, and individuals, causing widespread financial damage and making them one of the most dangerous cybercriminal organisations in the world.

Evil Corp is allegedly led by Maksim Yakubets, who is known by the online pseudonym "Aqua." Yakubets, a high-profile figure in the cybercrime world, is noted for his opulent lifestyle, which includes owning luxury cars and having ties to influential figures.

Poster provided by the U.S. Department of Justice showing Maxsim Yukabets.

Yakubets and his associates have been linked to various high-profile cybercrimes, including the development and distribution of the Dridex malware. 

The U.S. Department of Justice (DOJ) and the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) have charged Yakubets and his associates with multiple crimes, including conspiracy, wire fraud, and bank fraud.

In December 2019, the U.S. government announced a $5 million reward for information leading to Yakubets' capture, marking the highest reward ever offered for a cybercriminal.

History of Evil Corp Attack

1. The Dridex Malware

One of Evil Corp's most notorious tools is the Dridex malware, a banking Trojan designed to steal personal banking information and credentials.

Dridex is spread primarily through phishing emails that contain malicious attachments or links. Once the malware infects a system, it can capture keystrokes, redirect web traffic, and inject malicious code into banking websites to steal login information.

This highly sophisticated malware has affected numerous financial institutions and individuals, making it one of its most dangerous threats. 

2. WastedLocker Ransomware

In addition to Dridex, Evil Corp is also associated with the WastedLocker ransomware. This ransomware encrypts the victim's files and demands a ransom in exchange for the decryption key. WastedLocker is particularly damaging because it targets large organizations, often causing significant disruption and financial losses.

The ransomware is known for its precision in targeting specific entities, often selecting high-value targets that can afford to pay large ransoms.

This calculated approach ensures that the financial impact is substantial, pushing affected companies to consider paying the ransom to regain access to their critical data quickly.

The aftermath of a WastedLocker attack can be devastating, resulting in prolonged operational downtime, loss of sensitive information, and substantial recovery costs.

This level of disruption highlights the importance of strong cybersecurity defences and comprehensive incident response plans for organisations of all sizes.

Operations and Tactics

1. Phishing Attacks

Phishing is a common tactic used by Evil Corp to distribute its malware. The group sends emails that appear to be from legitimate sources, such as banks or well-known companies. These emails contain malicious attachments or links that, when opened, install malware on the victim's computer.

2. Exploiting Software Vulnerabilities

Evil Corp also exploits vulnerabilities in software to gain access to victims' systems. They use sophisticated techniques to identify and exploit these vulnerabilities before they can be patched by software developers. This method allows them to infiltrate systems undetected and deploy their malware.

3. Malware Distribution

Once Evil Corp gains access to a system, they deploy their malware, such as Dridex or WastedLocker, to carry out their attacks. The malware can remain undetected for extended periods, allowing the group to steal sensitive information or encrypt files and demand ransom payments.

Protecting Yourself from Evil Corp

To safeguard against the sophisticated cyber threats posed by Evil Corp, it is essential to implement a comprehensive cybersecurity strategy.

Regularly updating your operating system, applications, and security software is crucial in protecting against known vulnerabilities. So is utilising strong, complex passwords and changing them regularly, and a password manager can assist in generating and securely storing these passwords.

Multi-factor authentication (MFA) is also incredibly important, adding an extra layer of security to make it significantly harder for unauthorised users to gain access. 

Advanced Security Measures

Beyond basic security practices, deploying reputable antivirus programs with anti-malware features can provide robust protection against Evil Corp's malware. Ensuring your firewall is active helps block unauthorised access to your network, enhancing overall security.

Regularly backing up your data to an external drive or cloud service is vital; ensure these backups are encrypted and stored securely to protect your information from ransomware attacks.

Developing and implementing a disaster recovery plan can significantly improve your ability to quickly restore operations in case of a cyberattack, minimising disruption and financial losses. By adopting these advanced security measures, individuals and organisations can bolster their defences against the pervasive threats posed by Evil Corp.

Evil Corp is a cybercriminal group that poses a significant threat to individuals, businesses, and financial institutions worldwide. By understanding how this group operates and taking proactive measures, you can better protect yourself and your organization from their malicious activities.

Staying informed about the latest cybersecurity threats, practising strong security habits, and using reliable security tools are essential steps in defending against the sophisticated tactics employed by Evil Corp.