skip to Main Content

Cybercrime, Evil Corp uses PayloadBIN ransomware to evade US sanctions

Bleeping Computer: Evil Corp uses PayloadBIN ransomware to evade US sanctions. The gang now impersonates Babuk and its malware to let the victims pay the ransoms

Evil Corp (aka Indrik Spider and Dridex) cybercrime group is using PayloadBIN ransomware to evade sanctions imposed by the US Treasury Department’s Office of Foreign Assets Control (OFAC). It has been discovered by Bleeping Computer cybersecurity experts. After being sanctioned by the US government in 2019, ransomware negotiation firms refused to facilitate ransom payments for Evil Corp ransomware attacks to avoid facing fines or legal action from the Treasury Department. Evil Corp began renaming their malware operations to different names such as WastedLocker, Hades, and Phoenix to bypass these sanctions. The last action has been to impersonate Babuk, the Payload Bin hacking group that recently quitted their operations.


Back To Top