They are sophisticated, cunning and ruthless. The Evil Corp group has stolen over $100 million from banks worldwide using malware to steal credentials and obtain access to accounts. Evil Corp is likely targeting healthcare next, since protected health information (PHI) is so valuable and can be sold at a high price on the Dark Web.
The Healthcare Cybersecurity Coordination Center (HC3) recently issued a threat profile, describing Evil Corp as “one of the most capable cybercriminal syndicates in the world.” Based out of Russia, they have been operating since 2009 and are responsible for several of the most powerful malware and ransomware variants ever used. They maintain strong relationships not just with other powerful cybercriminal gangs, but also with the Russian government.
Because they present such a dangerous threat, the FBI and State Department are offering $5 million for information leading to the arrest and conviction of Evil Corp’s leader, Maksim Yakubets. The sum is the largest reward ever offered for a cybercriminal.
Evil Corp is known for developing Dridex, a “multifunctional malware variant capable of impacting the confidentiality and availability of protected data and systems directly related to business operations,” which has included banking and healthcare information.
Cyber Criminals are Financially Motivated
Healthcare organizations are attractive targets, not only because of the high dollar value of healthcare data, but also because ransomware operators have found that organizations in healthcare may pay a ransom to restore operations. In addition to individuals’ healthcare data, Evil Corp may be looking for valuable research data at large companies and universities.
HC3 notes that some suspect Evil Corp has ties with the Russian government. It is “entirely plausible” that Evil Corp could be “tasked with acquiring intellectual property from the U.S. health sector” since it is more cost-effective to steal research and intellectual property than to conduct the research themselves. The healthcare sector, including research institutions, is being warned to remain vigilant.
The group is financially motivated and usually conducts attacks via digital extortion, ransomware, and cyberattacks to steal data. The profile noted that Evil Corp stands apart from other groups because of how they blur the lines between cybercriminal and state-sponsored activities.
Evil Corp is Unpredictable
As much as experts know about the group, it is their unpredictability that makes Evil Corp such a significant threat. Instead of providing specific tips, HC3 provides links to various alerts, mitigations, YARA rules, and other defensive information to help healthcare organizations learn more about Evil Corp and act accordingly.
HIPAA Compliance is a Blueprint to Defend Against Cyber Crime
All the best advice, from the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), HC3 and others, mirrors the defensive measures contained in the HIPAA Security Rule. If you can conduct a thorough HIPAA Risk Analysis, complete the Security Rule Checklist, and follow the Risk Management plan that comes from that work, you have the best chance of defeating aggressive cyber criminals like Evil Corp.