The Russian hacker group Evil Corp has reportedly changed its attack tactics to avoid sanctions that prohibit US companies from paying it a ransom.
Mandiant, the threat intelligence firm, reported the shift. The firm recently wrote a blog post linking a series of LockBit ransomware intrusions to UNC2165, a threat cluster that shares numerous overlaps with Evil Corp.
In 2019, the US Treasury Department put sanctions on UNC2165 for using the Dridex malware to infect hundreds of financial institutions and banks across 40 countries and stealing in excess of $10 million.
From a regulatory standpoint, these sanctions prevented targeted organisations from paying a ransom to UNC2165 in order to restore access to their systems.