Evil Corp Demands $40 million in Ransomware Attacks

Share post:

New ransomware known as Macaw Locker and based on code analysis as the newest brand of the Ransomware family of Evil Corp is rated, has turned out to be the group behind the ransomware attack, which targeted both Olympus and Sinclair Broadcast Group.

Sharing the private Macaw Locker victim sites for the two attacks, the threat scenarios demanded a 450 Bitcoin ransom ($28 million) for one attack and $40 million for the second victim, although there were no details on which company would pay a specific ransom.

When examining the gang’s Darkweb negotiating platform, the site includes a brief introduction to what happened to the victim, a tool to decrypt three files for free and a chat box to negotiate with the attackers.

As the attackers execute their attacks, the group encrypts the files of the victims and adds the .macaw extension to the filename when carrying out the attack.

The ransomware while encrypting files generates ransom demands in each folder named macaw _recover.txt and for each attack, the ransom note contains a unique negotiation page for victims on the Macaw Locker’s Tor site and an associated decryption ID.

For more information, read the original story in Bleeping Computer.

SUBSCRIBE NOW

Related articles

Russian State-Backed Cyber Attack Exploits Zero-Day Vulnerabilities in Windows and Firefox

Headline: A sophisticated cyberattack leveraging two chained zero-day vulnerabilities in Mozilla Firefox and Microsoft Windows has been confirmed by...

Starbucks Forced to Pay Baristas Manually After Ransomware Attack

A ransomware attack on Blue Yonder, a third-party scheduling software provider, has disrupted Starbucks’ ability to manage employee...

Google Launches Free Cybersecurity Certificate for Entry-Level Jobs

Google has introduced a new Cybersecurity Professional Certificate, aimed at preparing students for entry-level roles in just six...

Critical Vulnerability Leaves Millions Of Sites Vulnerable To Takeover

A severe authentication bypass vulnerability has been discovered in the WordPress plugin "Really Simple Security" (formerly *Really Simple...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways