Expert Insight On New WastedLocker ransomware

ZDNet is reporting Evil Corp, one of the biggest malware operations on the internet, has slowly returned to life after several of its members were charged by the US Department of Justice in December 2019. In a report shared with ZDNet today, Fox-IT, a division within the NCC Group, has detailed the group’s latest activities following the DOJ charges. According to Fox-IT, the group returned in January and spurted a few malware campaigns, usually for other crooks, until March, when they again went silent. Fox-IT says when Evil Corp returned for the second time in 2020 the group created a new ransomware strain to replace the aging BitPaymer variant that they’ve been using since early 2017. Fox-IT named this new ransomware WastedLocker based on the file extension it adds to encrypted files, usually consisting of the victim’s name and the string “wasted.” Security researchers say that an analysis of this new ransomware has revealed little code reuse or code similarities between BitPaymer and WastedLocker; however, some similarities still remain in the ransom note text.

Chris Clements, VP,  Cerberus Sentinel
June 24, 2020
The victim has to do a calculation on if their operations are worth more than the ransom demand.
It is interesting that Evil Corp’s new WastedLocker ransomware did not include any data theft functionality. As organizations have developed more awareness and resiliency to classical ransomware campaigns we’ve seen cyber criminals shift to other forms of extortion such as threatening to disclose sensitive private information. Evil Corp seems to have simply moved to increased ransom payment de ....
[Read More >>]
Erick Kron, Security Awareness Advocate ,  KnowBe4
June 24, 2020
Once ransomware encrypts your backups, your choices become very limited as to how to proceed.
It's not really surprising to see this group getting back into the ransomware game after a bit of an absence. Now it seems we know why they were gone for a little while -- they were working on this new strain of ransomware. I've often joked about products that are marketed as new AND improved, however, in this case, that does seem to be the truth. A lot of effort went into writing this, apparently ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments

In this article