Easy2Lock Ransomware
The Easy2Lock Ransomware is a file-locking Trojan and a possible update of the WastedLocker Ransomware. It can stop users' files from opening by encrypting their data and can delete local backups, holding the files hostage. Effective non-local backup management can weaken the impact of infections, and competent cyber-security tools should remove the Easy2Lock Ransomware after flagging it as a threat.
The Ease of Locking Versus the Hardship of Unlocking
The Trojan-deploying strategies of the Evil Corp gang (AKA Dridex) are far from static, and the Easy2Lock Ransomware might play the part of successor to the WastedLocker Ransomware, which, itself, already took over for the old BitPaymer Ransomware. Unlike WastedLocker, however, the Easy2Lock Ransomware is likely an update of the Trojan immediately preceding it, with similar symptoms, features, and coding fingerprints. Details in these samples also imply that the threat actor retains some access, albeit imperfect, to obfuscating techniques that aren't exactly inexpensive.
The Easy2Lock Ransomware's Windows executable is circulating through uncertain methods, although the attackers might brute-force servers with weak passwords, hijack RDP-enabled systems, or use e-mail phishing lures. The Trojan hides its threatening nature behind a digital certificate, but there's a hitch: the chain's root certificate is out-of-date and no longer classified as trusted. Still, given the Dridex group's experience throughout their Trojan campaigns, malware experts expect possible updates to the Easy2Lock Ransomware's disguise and obfuscation in any future attacks.
The trademark feature of the Easy2Lock Ransomware, like WastedLocker Ransomware, is a secure encryption routine. Through it, the Trojan blocks media files and holds them as hostages while also adding an extension with the campaign's name as a visual marker. An odd inclusion in the Easy2Lock Ransomware payload is the duplication of ransom notes: it creates a new text extortion demand for every 'locked' file, although the contents of each are identical.
As usual, the security of the Easy2Lock Ransomware's encryption makes decrypting or restoring files very difficult – typically, impossible – for victims without the threat actor's help or the customized key.
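The one-note-per-locked-file behavior described above gives defenders a signal that does not depend on knowing the extension: many small, byte-identical files that each sit beside a file whose name they extend. The following sketch of that check is an added example, not code from this article or from any security product; the thresholds and the placeholder suffixes in the constructed sample data are assumptions, since the article does not give the exact extension or note file name.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

MAX_NOTE_BYTES = 64 * 1024  # assumption: ransom notes are small text files
MIN_PAIRS = 5               # assumption: alert threshold, tune per environment


def find_duplicated_notes(root, min_pairs=MIN_PAIRS):
    """Map sha256 -> [(note_path, locked_path)] for byte-identical notes that
    each sit beside a file whose name is a prefix of the note's name."""
    clusters = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        names = set(files)
        for name in files:
            # Longest sibling name that this file name extends, if any.
            sibling = max((s for s in names if s != name and name.startswith(s)),
                          key=len, default=None)
            if sibling is None:
                continue
            path = os.path.join(dirpath, name)
            try:
                if not 0 < os.path.getsize(path) <= MAX_NOTE_BYTES:
                    continue
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # unreadable or removed mid-scan
            clusters[digest].append((path, os.path.join(dirpath, sibling)))
    return {d: pairs for d, pairs in clusters.items() if len(pairs) >= min_pairs}


def build_sample_tree(root, locked=6):
    """Constructed sample data: placeholder suffixes, not real indicators."""
    for i in range(locked):
        base = os.path.join(root, f"doc{i}.xlsx.LOCKED_PLACEHOLDER")
        with open(base, "wb") as fh:
            fh.write(os.urandom(256))            # stands in for ciphertext
        with open(base + "_NOTE", "w") as fh:
            fh.write("constructed note text\n")  # identical in every copy
    for name, body in (("readme.txt", "hello"), ("readme.txt.bak", "hello v1")):
        with open(os.path.join(root, name), "w") as fh:
            fh.write(body)                       # benign prefix pair, unique content


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for digest, pairs in find_duplicated_notes(tmp).items():
            print(f"{len(pairs)} identical notes, sha256={digest[:16]}")
```

The sibling lookup is quadratic in the number of files per directory, so on large file shares it is better run against a sampled set of folders or a file-server audit export than against the whole volume.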
Easing Oneself Around a Trojan's Business Model
The Easy2Lock Ransomware's way of doing business relies on victims who lack secure backups and so can't restore their files without paying the attacker's ransom for help. Since malware researchers verify, to little surprise, that the Easy2Lock Ransomware wipes the Restore Points, users should assume that local backups are at risk and maintain at least one alternative on a secondary device. Detachable drives and protected cloud services are general examples that mitigate attacks from almost all file-locker Trojans, including the Easy2Lock Ransomware, the old WastedLocker Ransomware, and the BitPaymer Ransomware.
The Evil Corp threat actor has a reputation for preferring enterprise-level businesses instead of home users or smaller organizations. Malware researchers see several infection vectors in use against such demographics. They include e-mail phishing lures with threatening documents, Exploit Kits, watering-hole attacks that abuse compromised or copycat websites, and brute-force attacks against account credentials. Appropriate, general security protocols, like choosing strong passwords and updating software, can limit most infection strategies and the file access of any attackers.
Digital certificates aren't the be-all, end-all for Trojan obfuscation. Robust anti-malware applications will detect and delete the Easy2Lock Ransomware, like any similar threat, and put an end to any possibility of data encryption preemptively.
Windows systems at home or in a work environment are the targets of new attacks every day by Trojans like the Easy2Lock Ransomware. Its disguise might be slipping, but updates might renew its facade any day, all the better for ransom collection.