Hacking tool linked with Russian crime ring used in Sinclair ransomware attack, analysts say
According to a security researcher who has seen the ransom note, the hacking tool used in a ransomware assault that disrupted programming at Sinclair Broadcast Group is identical to malware previously employed by a Russian crime group sanctioned by the US government.
According to several experts who have analysed the code, it also resembles prior hacking tools ascribed to the Russian organisation.
The criminal organisation known as Evil Corp is thought to be driven largely by money and is notorious for flaunting its ill-gotten gains. It was previously accused by US officials of stealing $100 million from people all around the world, in part through gaining access to their bank account login information.
“According to someone I’ve been in direct touch with at Sinclair, the company was struck with Macaw ransomware, which seems to be a new malware from Evil Corp,” said Allan Liska, senior intelligence analyst at cybersecurity firm Recorded Future.
Sinclair, the second-largest television broadcaster in the United States, has been investigating the ransomware assault since Saturday. Sinclair employees previously told CNN Business that the disruption hampered the production of local newscasts throughout the day on Sunday and again on Monday. The firm also stated that it was investigating what information the hackers took and that it had alerted law enforcement and US government authorities to the incident.
The hacker has yet to be identified by Sinclair or US federal authorities. A request for comment was not immediately returned by a Sinclair spokesman.
The apparent link to Evil Corp, originally reported by Bloomberg News, would indicate that Sinclair Broadcast Group was in the crosshairs of a powerful adversary.
Although Evil Corp is considered to be primarily motivated by profit, the Treasury Department sanctioned suspected members of the organisation in 2019 and accused the group's leader of giving “direct assistance to the Russian government’s harmful cyber activities.”
Under those sanctions, organizations targeted by Evil Corp are typically prohibited from paying the gang a ransom to release their data. The Biden administration has sought to discourage firms from paying ransoms in the face of a constant wave of ransomware assaults on US companies this year, fearing that payments will simply attract new attacks.