A previously unknown malware called Macaw Locker has been spotted in new ransomware attacks by the Evil Corp organized crime group (OCG). Judging by the similarity of the code, this is another member of the ransomware family of a criminal group trying to hide from the watchful eye of the US authorities by rebranding its weapons.
At the moment, only two victims of Macaw Locker are known: Sinclair Broadcast Group, a leader of the American broadcasting market, and the tech giant Olympus, which has not yet fully recovered from the BlackMatter attack.
In one case, the hackers demanded $28 million for the decryptor, in the other $40 million. The BleepingComputer reporter learned about the newcomer's relationship with other Evil Corp ransomware from Emsisoft expert Fabian Wosar.
He analyzed the code of Macaw Locker and concluded that the new malware is not much different from its predecessors. The malware appends the .macaw extension to encrypted files and drops a ransom note (macaw_recover.txt) in every folder containing such files.
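The two file-system artifacts named above (the .macaw extension and the macaw_recover.txt note) are what an incident responder would scope an infection by. The following triage script is an added example, not code from the article or from Emsisoft: it walks a directory tree, collects encrypted files and ransom notes, recovers the original file names by stripping the extension, and reports the affected directories. The sample tree it builds is constructed for the demonstration and is not real victim data.

```python
import os
import tempfile
from pathlib import Path

# Artifacts reported for Macaw Locker in the article.
MACAW_EXT = ".macaw"
MACAW_NOTE = "macaw_recover.txt"


def original_name(encrypted_path):
    """Strip the .macaw extension to recover the pre-encryption file name."""
    name = encrypted_path.name
    if name.lower().endswith(MACAW_EXT):
        return name[: -len(MACAW_EXT)]
    return name


def scan_for_macaw_artifacts(root):
    """Walk `root` and collect Macaw Locker artifacts.

    Returns a dict with sorted lists of encrypted files, ransom notes,
    affected directories, and the recovered original file names.
    """
    encrypted = []
    notes = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if name.lower().endswith(MACAW_EXT):
                encrypted.append(path)
            elif name.lower() == MACAW_NOTE:
                notes.append(path)

    # A directory counts as affected if it holds either artifact; the note
    # alone still matters, because it marks a folder the encryptor visited.
    affected = {p.parent for p in encrypted} | {p.parent for p in notes}
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "affected_dirs": sorted(affected),
        "original_names": sorted(original_name(p) for p in encrypted),
    }


def build_sample_tree():
    """Constructed sample tree (not real data) mimicking a post-encryption share."""
    base = Path(tempfile.mkdtemp(prefix="macaw_demo_"))
    (base / "finance").mkdir()
    (base / "finance" / "q3.xlsx.macaw").write_bytes(b"\x00" * 16)
    (base / "finance" / "budget.docx.macaw").write_bytes(b"\x00" * 16)
    (base / "finance" / MACAW_NOTE).write_text("constructed note\n")
    (base / "hr").mkdir()
    (base / "hr" / MACAW_NOTE).write_text("constructed note\n")
    (base / "public").mkdir()
    (base / "public" / "readme.txt").write_text("untouched file\n")
    return base


def summarize(result):
    """Return a short, printable triage summary."""
    return (
        f"{len(result['encrypted'])} encrypted file(s), "
        f"{len(result['notes'])} ransom note(s), "
        f"{len(result['affected_dirs'])} affected directory(ies)"
    )


if __name__ == "__main__":
    sample = build_sample_tree()
    report = scan_for_macaw_artifacts(sample)
    print(summarize(report))
    for d in report["affected_dirs"]:
        print("affected:", d)
    for name in report["original_names"]:
        print("original file:", name)
```

Run against a mounted image or a file share rather than a live host where possible; the scan only reads names, so it is safe to repeat, and the recovered original names give the list of data that needs restoring from backup.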
A unique ID is created for each victim, and on the Tor network there is a separate page with a chat for negotiating a ransom. According to some reports, the Evil Corp cyber group, aka TA505, Indrik Spider and CHIMBORAZO, appeared on the Internet in 2007. It started out as an ordinary participant in other people's affiliate programs and then acquired its own malware, the Dridex banking Trojan.
The acquisition was so successful that it created a botnet that was leased to other malware distributors. With the advent of ransomware, the owners of Dridex repurposed it to carry out ransomware operations: they began to use the Trojan themselves as a loader for such programs.
At first it was Locky; then Jaff, Hades and BitPaymer appeared in Evil Corp's arsenal. In 2019, the activities of the energetic organized criminal group attracted the attention of the US authorities, after which the names of the malware it uses began to change more often.
WastedLocker has made the biggest buzz among the latest creations of the controversial group; it is also considered responsible for the operations of DoppelPaymer and Sidoh.