Federal authorities are sounding the alarm for the healthcare industry over Russian cybercrime gang Evil Corp, warning that the group has a wide set of highly capable tools at its disposal for taking healthcare data hostage.
In a threat advisory, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center warns the healthcare sector that the gang, best known for developing Dridex malware, “has been exceptionally aggressive and capable in their more than decade of global hacking operations.”
The Department of the Treasury sanctioned the group, also known as UNC2165, Gold Drake and Indrik Spider, in 2019. The Department of State offers a $5 million bounty for information leading to the arrest and conviction of the gang’s leader, Maksim Yakubets. Speculation exists that the group is a front organization for Russian intelligence, but it has indisputably stolen large sums of money since starting operations in 2009 – at least $100 million, according to government estimates.
Cybercriminal groups like Evil Corp have only become potentially more dangerous in the months since Russia’s invasion of Ukraine, says Adam Flatley, director of threat intelligence at security firm Redacted.
In addition to its in-house-coded Dridex multipurpose malware, Evil Corp also has access to prolific malware variants such as Trickbot and Emotet, as well as major ransomware operations such as Ryuk.