ZDNet is reporting Evil Corp, one of the biggest malware operations on the internet, has slowly returned to life after several of its members were charged by the US Department of Justice in December 2019. In a report shared with ZDNet today, Fox-IT, a division within the NCC Group, has detailed the group’s latest activities following the DOJ charges. According to Fox-IT, the group returned in January and spurted a few malware campaigns, usually for other crooks, until March, when they again went silent. Fox-IT says when Evil Corp returned for the second time in 2020 the group created a new ransomware strain to replace the aging BitPaymer variant that they’ve been using since early 2017. Fox-IT named this new ransomware WastedLocker based on the file extension it adds to encrypted files, usually consisting of the victim’s name and the string “wasted.” Security researchers say that an analysis of this new ransomware has revealed little code reuse or code similarities between BitPaymer and WastedLocker; however, some similarities still remain in the ransom note text.
