Evil Corp Tries to Work Around U.S. Treasury Sanctions Using Hades Ransomware bazarshop, jokerstashbazarshop
The cybercriminal group linked to over $100 Million in financial damages has pivoted their execution strategy to bypass sanctions that prevent U.S. companies from paying them ransom.
Back in 2019, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) released sanctions that prohibited any U.S. company from doing business with individuals and companies owned or controlled by specific countries. This also includes acting for or on behalf of the specific country. Evil Corp was one of those prohibited companies.
This puts U.S. companies that suffer a ransomware attack in a peculiar spot, as paying the ransom would put them in trouble with the U.S. Treasury.
Evil Corp used WastedLocker at the time the sanctions were released, making that variant of ransomware an identifiable marker that the victim organization was doing “business” with someone on the OFAC list. Security researchers at cybersecurity vendor CrowdStrike recently linked Hades ransomware with Evil Corp , putting the spotlight back on the Russia-based cybercriminal group. This instance is making it once again difficult to address a ransomware attack via paying the ransom.
Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?