Bloomberg reports that the Sinclair Broadcast Group was hit by the Russian cybercriminal organization usually known as Evil Corp. The attackers are said to have used the Macaw strain of WastedLocker ransomware (Emsisoft calls Macaw simply a rebranded version of WastedLocker). Evil Corp has been under US sanctions since December of 2019, which would complicate any attempt to buy back access to infected systems by paying the ransom. One purpose of adopting rebranded malware strains may be to obscure the fact that payment of ransom to the sanctioned entity amounts to a violation of US law. The gang's two alleged leaders, Maksim Yakubets and Igor Turashev, were also indicted by the US at the time sanctions were imposed. Sinclair's recovery from the attack remains a work in progress: according to the Daily Beast, disruptions to business and production systems have continued into the week.
Macaw ransomware (and thus its proprietor, Evil Corp) is also said, by TechCrunch, to be responsible for ongoing attacks against Olympus.
In the criminal-to-criminal malware supply chain, one key player, the Russian gang Fin7, is representing itself online as a legitimate company, the Wall Street Journal reports in an exclusive. "Bastion Secure" (which the Journal archly notes uses the letters "BS" as its logo) claims to be a provider of cybersecurity services. The point of their online presence appears to be recruiting.
International efforts to curb ransomware find themselves up against pervasive corruption in Russia, as Mieke Eoyang, US deputy assistant defense secretary for cyber policy, told DefenseOne.