Palo Alto Networks Unit 42 cybersecurity experts: The malware group claims to be part of the well-known firm, but there is no indication of any relation.
Bleeping Computer: Evil Corp uses PayloadBIN ransomware to evade US sanctions. The gang now impersonates Babuk and its malware so that victims can pay the ransoms.
The Evil Corp (aka Indrik Spider and Dridex) cybercrime group is using PayloadBIN ransomware to evade sanctions imposed by the US Treasury Department's Office of Foreign Assets Control (OFAC). This was discovered by Bleeping Computer cybersecurity experts. After the group was sanctioned by the US government in 2019, ransomware negotiation firms refused to facilitate ransom payments for Evil Corp ransomware attacks to avoid facing fines or legal action from the Treasury Department. Evil Corp began renaming its malware operations to different names such as WastedLocker, Hades, and Phoenix to bypass these sanctions. Its latest move has been to impersonate Babuk, the Payload Bin hacking group that recently quit its operations.