Ransomware groups rebrand to dodge sanctions

Ransomware groups that have been sanctioned by the U.S. government are switching their tactics to evade sanctions and continue to receive ransom payments, according to a report released Thursday by cybersecurity firm Mandiant.

Hackers affiliated with a group known as Evil Corp, which was sanctioned in 2019, have since then changed the types of programs they use to target their victims. For instance, the hackers seemed to have stopped using a ransomware program known as WastedLocker and instead adopted similar variants in a “relatively quick succession,” the report said. 

“These developments suggested that the actors faced challenges in receiving ransom payments following their ransomware’s public association with Evil Corp,” according to the report. 

U.S. federal agencies have warned companies, especially those in critical sectors, to be wary of ransomware, which has become a popular tool for cyber criminals.

During an annual conference on cybersecurity held on Wednesday, FBI Director Christopher Wray said that in 2021, cybercriminals used ransomware against 14 of the 16 U.S. critical sectors, including health care.

“Ransomware gangs love to go after things we can’t do without,” Wray said.

“That’s why we’ve increasingly seen cyber criminals using ransomware against U.S. critical infrastructure sectors,” he added. 

Although federal agencies have taken various actions to hold ransomware hackers accountable, a new report released last week found that the federal government lacks sufficient data on the use of cryptocurrency in ransom payments.

Senate Homeland Security Committee Chairman Gary Peters (D-Mich.), who released the report, said that “the federal government lacks the necessary information to deter and prevent these attacks.”

The report also revealed that current government reporting of ransomware attacks and cryptocurrency is “fragmented across multiple federal agencies.” 

The senator’s yearlong investigation that led to the report also found that more than 70 percent of global ransomware revenue in 2021 went to entities likely located in Russia or tied to the Russian government. 

In the report, Peter also mentioned that ransomware attacks in 2020 increased to 150 percent from the previous year, and more than $412 million was paid to cyber criminals in ransom through cryptocurrencies.