Quote:The criminal group Evil Corp is trying to mask its latest activity by using previously unknown ransomware called PayloadBin, according to researchers. The move is believed to be an attempt to confuse law enforcement and avoid sanctions imposed by the U.S. federal government against entities it believes are linked to Evil Corp, according to published reports.
Evil Corp, widely associated with the info-stealing Dridex malware, has been the target of a crackdown by U.S. authorities since 2019. As part of that effort, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) imposed sanctions against anyone or organization it believes has ties with the criminal enterprise. This action effectively prevents ransomware negotiation firms from facilitating ransom payments with Evil Corp, which limits its ability to profit from criminal activity.
When first discovered, researchers believed PayloadBin was related to a criminal group associated with use of malware called Babuk Locker, according to a published report. That’s because the Babuk crew recently announced it was hanging up its ransomware hat to switch to a new cybercriminal effort. Researchers then said the cybergang regrouped and introduced new tactics and branding, calling themselves “PayloadBin” at the end of May.
At the time, researchers thought that the Babuk crew might have changed its mind about foregoing ransomware, as the PayloadBin sample presented itself as ransomware that encrypted files and left a ransom note.
However, upon further inspection, researchers identified the malware as the work of Evil Corp based on previous ransomware operations of that group, according to the report, which was corroborated by security researcher Fabian Wosar on Twitter.
“Looks like EvilCorp is trying to pass off as Babuk this time,” Wosar tweeted. “As Babuk releases their PayloadBin leak portal, EvilCorp rebrands WastedLocker once again as PayloadBin in an attempt to trick victims into violating OFAC regulations.”
Read more: Evil Corp Impersonates PayloadBin Group to Avoid Federal Sanctions | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
