E Corp, also known as Evil Corp, is well known to fans of the television show Mr. Robot, but is also the name of the group behind Locky ransomware and many other cybercriminal activities.
Evil Corp started in 2007 by delivering a banking trojan called Cridex. This eventually morphed into Dridex, a modular trojan that can steal banking information, drop a keylogger, and deploy other types of malware. Dridex isn’t used just by Evil Corp to deploy its own malware; it’s also rented out to other cybercriminals.
Locky isn’t the only ransomware deployed by Evil Corp. After Necurs faded away, Evil Corp released the BitPaymer ransomware, which was one of the first ransomware families to rely on Big Game Hunting techniques. Evil Corp is also presumed to be behind the WastedLocker ransomware and Grief ransomware.
One reason Evil Corp is behind so many different ransomware campaigns is that it is one of the few ransomware groups officially sanctioned by the United States government, in its case for the development and delivery of the Dridex malware. This means that U.S.-based organizations that pay them a ransom may be sanctioned by the Office of Foreign Assets Control (OFAC). Switching between different ransomware variants gives victims deniability if they have to pay a ransom.