fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Evil Corp Demands $40 million in New Macaw Ransomware Attacks

Evil Corp Demands $40 million in New Macaw Ransomware Attacks

Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments.

The Evil Corp hacking group, also known Indrik Spider and the Dridex gang, has been involved in cybercrime activities since 2007, but mostly as affiliates to other organizations.

Over time, the group began focusing on their own attacks by creating and distributing a banking trojan known as Dridex in phishing attacks.

Also Read: Deemed Consent PDPA: How Do Businesses Comply?

Moving to ransomware

As ransomware attacks became increasingly more profitable, Evil Corp launched an operation called BitPaymer, delivered via the Dridex malware to compromised corporate networks.

The hacking group’s criminal activity ultimately led them to be sanctioned by the US government in 2019.

Due to these sanctions, ransomware negotiation firms will no longer facilitate ransom payments for operations attributed to Evil Corp.

To bypass US sanctions, Evil Corp began creating limited use ransomware operations under various names such as WastedLocker, Hades, Phenoix Locker, and PayloadBin.

Evil Corp began renaming their ransomware operations to different names such as WastedLockerHadesPhoenix CryptoLocker, and PayLoadBin.

Other ransomware families that are believed but not proven to be affiliated with Evil Corp is DoppelPaymer, which was recently rebranded as Grief.

Also Read: 6 Types Of Document Shredder Machine Singapore Services

Introducing Macaw Locker

This month, Olympus and Sinclair Broadcast Group had their operations severely disrupted by weekend ransomware attacks.

For Sinclair, it caused TV broadcasts to be cancelled, different shows to air, and newscasters to report their stories with whiteboards and paper.

This week, it was discovered that both attacks were conducted by a new ransomware known as Macaw Locker.

In a conversation with Emsisoft CTO Fabian Wosar, BleepingComputer was told that, based on code analysis, MacawLocker is the latest rebrand of Evil Corp’s ransomware family.

BleepingComputer has also learned from sources in the cybersecurity industry that the only two known Macaw Locker victims are Sinclair and Olympus.

Sources also shared the private Macaw Locker victim pages for two attacks, where the threat actors demand a 450 bitcoin ransom, or $28 million, for one attack and $40 million for the other victim.

It is unknown what company is associated with each ransom demand.

The Macaw Locker ransomware will encrypt victims’ files and append the .macaw extension to the file name when conducting attacks.

While encrypting files, the ransomware will also create ransom notes in each folder named macaw_recover.txt. For each attack, the ransom note contains a unique victim negotiation page on the Macaw Locker’s Tor site and an associated decryption ID, or campaign ID, as shown below.

Macaw Locker ransom note
Macaw Locker ransom note

The gang’s dark web negotiation site contains a brief introduction to what happened to the victim, a tool to decrypt three files for free, and a chatbox to negotiate with the attackers.

Macaw Locker Tor payment negotiation site
Macaw Locker Tor payment negotiation site

Now that Macaw Locker has been exposed as an Evil Corp variant, we will likely see the threat actors rebrand their ransomware again.

This constant cat-and-mouse game will likely never end until Evil Corp stops performing ransomware attacks or sanctions are lifted.

However, neither of those scenarios is likely to take place in the immediate future.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us