🧵The latest Threat Landscape Update from @RelativityHQ’s Calder7 security team focuses on Evil Corp and its new Macaw Locker #ransomware that is being used to evade U.S. sanctions which previously prevented victims from paying ransoms. (1/7) #CyberSecurity #Legaltech
Background: Evil Corp, also known as Indrik Spider, Gold Drake, and Dridex gang, is an international cybercrime network that has stolen over $100 million USD in over 40 countries through a variety of attacks on banking institutions (2/7)
The group also dabbles in #ransomware, including their notorious #BitPaymer operation which utilized Dridex malware to attack compromised networks and subsequently led to sanctions from the US Treasury in 2019: home.treasury.gov/news/press-rel… (3/7)
Since then, Evil Corp has dabbled in a bunch of smaller #ransomware campaigns under names like WastedLocker, Hades, PayLoadBin, and CryptoLocker to avoid attribution back to them. Macaw Locker is their latest campaign in this (4/7)
Macaw Locker has already caused a significant amount of chaos so far, including the loss of data from Olympus and the recently-disclosed disruption of the Sinclair television syndication network. In essence – it's drawn the spotlight back to Evil Corp (5/7)
Now that the affiliation is known, it wouldn’t surprise me if Macaw Locker (in its current label) went away and a new ransomware campaign popped up in its place to evade sanctions (6/7)
What you can do: Ransomware attacks are destructive; the best thing you can do is to level up your preventative measures, including aggressively keeping up to date on patches and consistently training employees on phishing best practices /fin (7/7) #cybersecurity #LegalTech
🧵The latest Threat Landscape Update from @RelativityHQ’s Calder7 security team details a particularly concerning new trend in #ransomware, which combines Ransomware-as-a-Service (RAAS) with employee-led Insider Threats. #cybersecurity #infosec #hackers #SundayReads (1/7)
RAAS has been around since early 2020 and has quickly become the leading vector for deploying #ransomware. The newest iteration of it is enticing employees to intentionally deploy #ransomware w/i their own org. A particularly nasty case of insider threat (2/7)
Reported by @briankrebs, threat actors trying this technique are using the #Demonware strain and are targeting networks of interest in the U.S., Canada, Australia, and U.K., and are after RDP, VPN, and corporate email access specifically (3/7)