Cybersecurity experts recently disclosed new ransomware that has been targeting specific large business organizations, with ransom demands ranging from USD 500K to USD 10 million. Operated by the threat actor group Evil Corp Gang, the new and lethal program was named 'WastedLocker.' The attacks have occurred mainly in the United States, with a few in the European region.
The malware appears to be an alternative to BitPaymer, the ransomware the group had previously been using. According to the report, WastedLocker has been the group's new tool since May 2020. Researchers concluded that the new ransomware was not a mere copy of the group's previous application, as the code was more stealthily and ingeniously crafted.
Examining WastedLocker
The ransomware is delivered through a disguised software update that a user may unknowingly run on their system because it appears to be a legitimate action. Once installed, it first checks which security software is in place and can disable it. After this infiltration, the threat actor is able to inject customized code; WastedLocker's unique attributes are specially designed per target victim, which is what sets it apart from other known ransomware. It specifically targets all online backup files created by the built-in backup capability of the Windows system. Once these backup files have been deleted, it starts encrypting sensitive information on the targeted system. Once encryption is done, the custom services it used are deleted automatically to avoid discovery. Encrypted files have 'wasted' included in their filenames, and additional files with 'wasted_info' in their names are created to hold the ransom note. This naming convention in the encryption process is what gave WastedLocker its name.
To prevent being victimized by these threats
To avoid being victimized by these threats, security administrators must always have a roll-back technology in place, ideally together with an offline backup copy of their essential system files. With this countermeasure, they can do a clean reinstallation of the system and restore the offline backup files. However, they must ensure a complete analysis of the system before connecting the offline backup data. Some ransomware is believed to be capable of remaining on the system even after the infiltration and of infecting offline backup storage once it is connected to the network. That would give the threat actor another chance for new attacks and additional blood-money ransom.
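The naming convention described above can serve as one quick check before offline backup storage is reconnected. The following is an added example, not code from the article or from any vendor: it walks a directory tree and flags folders whose file names carry the 'wasted' / 'wasted_info' markers. The threshold, the function names and the sample file names are assumptions constructed for illustration.

```python
import os
import tempfile

FILE_MARKER = "wasted"       # marker in encrypted file names, per the article
NOTE_MARKER = "wasted_info"  # marker in ransom-note file names, per the article
MIN_MARKED = 2               # assumed threshold: ignore a lone benign "wasted" name


def scan_tree(root, min_marked=MIN_MARKED):
    """Map each suspicious directory (relative to root) to its marked files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        notes = sorted(n for n in files if NOTE_MARKER in n.lower())
        marked = sorted(n for n in files
                        if FILE_MARKER in n.lower() and n not in notes)
        # Flag a folder when a note is present or several files carry the marker.
        if notes or len(marked) >= min_marked:
            rel = os.path.relpath(dirpath, root)
            findings[rel] = {"notes": notes, "marked": marked}
    return findings


def tree_is_clean_of_markers(root):
    """True only when no folder shows the naming convention."""
    return not scan_tree(root)


def build_constructed_sample(root):
    """Create a constructed sample tree; every name below is made up."""
    layout = {
        "finance": ["budget.xlsx.wasted", "budget.xlsx.wasted_info",
                    "payroll.csv.wasted", "payroll.csv.wasted_info"],
        "notes": ["wasted_time.txt", "todo.txt"],  # benign look-alike
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


def run_demo():
    """Build the sample tree in a temp dir and return the scan results."""
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        return scan_tree(tmp), tree_is_clean_of_markers(tmp)


if __name__ == "__main__":
    print(run_demo())
```

A clean result covers only this one file-name indicator and is one input to the complete system analysis, not a substitute for it.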
Luckily for the victims of Evil Corp Gang, the group has not yet looked into the option of selling exfiltrated information on the black market, even when victims do not pay the ransom.