According to some analysts who studied it, the code also matches the previous piracy tools attributed to the Russian group.
The criminal group, known as Evil Corp., is believed to be primarily motivated by money and is known to boast its ill-gotten wealth. U.S. authorities have previously accused him of stealing $ 100 million from victims around the world in part through access to victims ’bank account login information.
“According to someone I’ve been in direct contact with, who is part of Sinclair’s recovery team, the company was hit with Macaw ransomware, which appears to be a new Evil Corp ransomware,” Allan Liska, analyst senior intelligence from cybersecurity company Recorded Future, told CNN Business.
Neither Sinclair nor U.S. government agencies have named a culprit in the piracy. A Sinclair spokesman did not immediately respond to a request for comment.
The possible connection to Evil Corp, which Bloomberg News first reported, would mean that Sinclair Broadcast Group had been in the crosshairs of a formidable enemy.
While Evil Corp is believed to be primarily interested in making money, the Treasury Department in 2019 sanctioned alleged members of Evil Corp and accused the group leader of providing “direct assistance to the Russian government’s malicious cyber efforts. “.
Sanctions generally prohibit organizations that are victims of Evil Corp from paying the group’s ransom to unlock their data. Amid a steady stream of ransomware attacks on U.S. companies this year, the Biden administration has tried to deter companies from paying ransoms to worry it only invites more attacks.