A notorious Russian cybercrime group has updated its attack methods in response to sanctions that prohibit US companies from paying it a ransom, according to cybersecurity researchers.

The security firm Mandiant said on June 1 it believes that the Evil Corp gang is now using a well-known ransomware tool named Lockbit. Evil Corp has shifted to using Lockbit, a form of ransomware used by numerous cybercrime groups, rather than its own brand of malicious software to hide evidence of the gang’s involvement so that compromised organisations are more likely to pay an extortion fee, researchers said.