
Easy2Lock Ransomware

Posted: October 20, 2020

The Easy2Lock Ransomware is a file-locking Trojan and a possible update of the WastedLocker Ransomware. The Easy2Lock Ransomware stops users' files from opening by encrypting their data and deletes local backups, holding the files hostage. Keeping backups off the infected system limits the impact of infections, and competent cyber-security tools should remove the Easy2Lock Ransomware after flagging it as a threat.

The Ease of Locking Versus the Hardship of Unlocking

The Trojan-deploying strategies of the Evil Corp gang (AKA Dridex) are far from static, and the Easy2Lock Ransomware might play the part of successor to the WastedLocker Ransomware, which itself already took over from the old BitPaymer Ransomware. Unlike WastedLocker's relationship to BitPaymer, the Easy2Lock Ransomware is likely a direct update of its immediate predecessor, sharing similar symptoms, features, and coding fingerprints. Details in these samples also imply that the threat actor retains some access, albeit imperfect, to obfuscation techniques that are far from inexpensive.

How the Easy2Lock Ransomware's Windows executable is distributed remains unconfirmed, although the attackers might brute-force servers with weak passwords, hijack RDP-enabled systems, or use e-mail phishing lures. The Trojan hides its threatening nature behind a digital certificate. There is a hitch, however: the chain's root certificate is out-of-date and no longer classified as trusted. Even so, given the Dridex group's experience throughout their Trojan campaigns, malware experts expect updates to the Easy2Lock Ransomware's disguise and obfuscation in any future attacks.

The trademark feature of the Easy2Lock Ransomware, like the WastedLocker Ransomware, is a secure encryption routine. Through it, the Trojan blocks media files and holds them hostage, while also appending an extension carrying the campaign's name as a visual marker. An odd inclusion in the Easy2Lock Ransomware's payload is the duplication of ransom notes: it creates a separate text ransom note for every 'locked' file, although the contents of each are identical.
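The two symptoms just described, a shared new extension on every locked file and an identical ransom note placed beside each one, are recognizable in a plain directory listing before any sample is analyzed. The Python triage script below is an added example for this write-up, not code from the original article or from any analysis of the Trojan itself: it walks an in-memory snapshot standing in for a file-system walk, separates high-entropy files from small text files, and reports whether the per-file note pattern is present. The `.easy2lock` extension, the `_info` note suffix, the paths and every file's contents are constructed placeholders, not indicators observed in the wild.

```python
"""Triage a file listing for the per-file ransom-note pattern.

Added example for this write-up, not code from the article or from the
Trojan. Assumptions: the snapshot is an in-memory {path: bytes} mapping
standing in for a directory walk; the ".easy2lock" extension, the "_info"
note suffix and every file's contents are constructed placeholders.
"""
import hashlib
import math
from collections import Counter

# Constructed stand-ins: 1,024 bytes covering every byte value equally have
# an entropy of exactly 8.0 bits/byte, like ciphertext; the note is short text.
ENCRYPTED_BLOB = bytes(range(256)) * 4
NOTE = b"Your files are locked. Contact <placeholder address> for the key.\n"

SAMPLE_SNAPSHOT = {
    "C:/Users/alice/Documents/budget.xlsx.easy2lock": ENCRYPTED_BLOB,
    "C:/Users/alice/Documents/budget.xlsx.easy2lock_info": NOTE,
    "C:/Users/alice/Documents/report.docx.easy2lock": ENCRYPTED_BLOB,
    "C:/Users/alice/Documents/report.docx.easy2lock_info": NOTE,
    "C:/Users/alice/Pictures/holiday.jpg.easy2lock": ENCRYPTED_BLOB,
    "C:/Users/alice/Pictures/holiday.jpg.easy2lock_info": NOTE,
    "C:/Users/alice/Documents/todo.txt": b"buy milk\ncall the bank\n",
    "C:/Windows/System32/example.dll": b"MZ" + bytes(200),
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ciphertext sits near 8.0, documents and text well below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_probable_note(data: bytes) -> bool:
    """A small, almost entirely printable file is a ransom-note candidate."""
    if not data or len(data) > 4096:
        return False
    printable = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return printable / len(data) > 0.95


def triage(snapshot: dict) -> dict:
    """Report how many files look locked, how many notes sit beside them,
    and whether every locked file has its own identical note."""
    paths = sorted(snapshot)
    notes = {}  # note path -> the locked file it was derived from
    for p in paths:
        if not is_probable_note(snapshot[p]):
            continue
        for q in paths:
            tail = p[len(q):]
            # A per-file note carries its victim's full name plus a suffix,
            # in the same directory (no path separator in the remainder).
            if q != p and p.startswith(q) and tail and "/" not in tail \
                    and not is_probable_note(snapshot[q]):
                notes[p] = q
                break
    locked = [p for p in paths if p not in notes
              and shannon_entropy(snapshot[p]) > 7.5 and p.count(".") >= 2]
    ext_counts = Counter(p.rsplit(".", 1)[-1] for p in locked)
    top_ext, top_count = ext_counts.most_common(1)[0] if ext_counts else ("", 0)
    note_hashes = {hashlib.sha256(snapshot[n]).hexdigest() for n in notes}
    return {
        "locked_files": top_count,
        "common_extension": top_ext,
        "notes": len(notes),
        "identical_notes": len(note_hashes) == 1,
        "per_file_note_pattern": len(notes) >= 2
        and len(notes) == top_count and len(note_hashes) == 1,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_SNAPSHOT))
```

The detector deliberately keys on structure rather than on a specific extension string, since the article notes that the disguise may be updated: a later build that changes the extension or the note name still produces the same one-note-per-file shape, which is what the `per_file_note_pattern` verdict captures.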

As usual, the security of the Easy2Lock Ransomware's encryption makes decrypting or restoring files very difficult – typically, impossible – for victims without the threat actor's help or the customized key.

Easing Oneself Around a Trojan's Business Model

The Easy2Lock Ransomware's business model relies on victims lacking secure backups from which to restore their files without paying the attacker's ransom. Since malware researchers, to little surprise, confirm that the Easy2Lock Ransomware wipes the Restore Points, users should assume that local backups are at risk and maintain at least one alternative on a secondary device. Detachable drives and protected cloud services are general examples that mitigate attacks from almost all file-locker Trojans, including the Easy2Lock Ransomware, the old WastedLocker Ransomware, and the BitPaymer Ransomware.
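Because the Restore Points mentioned above are stored as Volume Shadow Copies, wiping them leaves a process-creation trail that endpoint telemetry can catch while the damage is still contained. The detector below is an added example, not code from the original article: it runs a handful of rules over constructed, simplified process-creation records (one pipe-delimited line per event, loosely modelled on a process-create log; the field layout, hostnames, users, parent processes and command lines are all made up) and reports shadow-copy and backup-catalog deletions while ignoring the administrative inventory commands that use the same binaries.

```python
"""Flag shadow-copy and backup-catalog deletion in process-creation telemetry.

Added example, not code from the article. Assumptions: each event is one
constructed, pipe-delimited line "timestamp|key=value|key=value|..." loosely
modelled on a process-create log; hosts, users and command lines are made up.
"""
import re
from pathlib import PureWindowsPath

# Each rule: name, set of image basenames it applies to, command-line pattern.
# Gating on the image keeps a document titled "delete shadows" from alerting.
RULES = [
    ("vssadmin_delete_shadows", {"vssadmin.exe"},
     re.compile(r"\bdelete\s+shadows\b", re.I)),
    ("vssadmin_resize_shadowstorage", {"vssadmin.exe"},
     re.compile(r"\bresize\s+shadowstorage\b", re.I)),
    ("wmic_shadowcopy_delete", {"wmic.exe"},
     re.compile(r"\bshadowcopy\b.*\bdelete\b", re.I)),
    ("powershell_win32_shadowcopy_delete", {"powershell.exe", "pwsh.exe"},
     re.compile(r"win32_shadowcopy.*\bdelete\b", re.I)),
    ("wbadmin_delete_catalog", {"wbadmin.exe"},
     re.compile(r"\bdelete\s+(catalog|systemstatebackup|backup)\b", re.I)),
]

# key=value pairs; the lazy value stops only before the next "|key=", so a
# command line may itself contain "|" (as a PowerShell pipeline does).
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\|\w+=|$)")

# Constructed sample events; the first, third and last are benign activity.
SAMPLE_EVENTS = [
    r"2020-10-20T09:12:31Z|host=WS-17|user=CORP\alice|parent=C:\Windows\System32\cmd.exe|image=C:\Windows\System32\vssadmin.exe|cmdline=vssadmin list shadows",
    r"2020-10-20T09:12:44Z|host=WS-17|user=CORP\alice|parent=C:\Users\alice\AppData\Local\Temp\setup.exe|image=C:\Windows\System32\vssadmin.exe|cmdline=vssadmin delete shadows /all /quiet",
    r"2020-10-20T09:12:45Z|host=WS-17|user=CORP\alice|parent=C:\Windows\System32\cmd.exe|image=C:\Windows\System32\wbem\wmic.exe|cmdline=wmic os get caption",
    r"2020-10-20T09:12:46Z|host=WS-17|user=CORP\alice|parent=C:\Users\alice\AppData\Local\Temp\setup.exe|image=C:\Windows\System32\wbem\wmic.exe|cmdline=wmic shadowcopy delete",
    r'2020-10-20T09:12:47Z|host=WS-17|user=CORP\alice|parent=C:\Users\alice\AppData\Local\Temp\setup.exe|image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|cmdline=powershell.exe -Command "Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }"',
    r"2020-10-20T09:12:48Z|host=WS-17|user=CORP\alice|parent=C:\Users\alice\AppData\Local\Temp\setup.exe|image=C:\Windows\System32\wbadmin.exe|cmdline=wbadmin delete catalog -quiet",
    r'2020-10-20T09:30:02Z|host=WS-17|user=CORP\bob|parent=C:\Windows\explorer.exe|image=C:\Windows\System32\notepad.exe|cmdline=notepad.exe "C:\Users\bob\delete shadows.txt"',
]


def parse_line(line: str) -> dict:
    """Split one record into a dict; the leading field is the timestamp."""
    timestamp, _, rest = line.partition("|")
    event = {"timestamp": timestamp}
    event.update(FIELD_RE.findall(rest))
    return event


def detect(lines) -> list:
    """Return one alert per event whose image and command line match a rule."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        image = PureWindowsPath(ev.get("image", "")).name.lower()
        cmdline = ev.get("cmdline", "")
        for name, images, pattern in RULES:
            if image in images and pattern.search(cmdline):
                alerts.append({
                    "rule": name, "timestamp": ev["timestamp"],
                    "host": ev.get("host"), "user": ev.get("user"),
                    "parent": ev.get("parent"), "cmdline": cmdline,
                })
                break  # one alert per event
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert["timestamp"], alert["rule"], alert["parent"], "->", alert["cmdline"])
```

Each alert carries the parent image so an analyst can tell a backup operator's console apart from an unknown executable in a temp directory; that context, together with a burst of these commands in the same minute, is what turns an individually legitimate administrative tool into an incident worth isolating the host for.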

The Evil Corp threat actor has a reputation for preferring enterprise-level businesses over home users or smaller organizations. Malware researchers see several infection vectors in use against such targets. They include e-mail phishing lures with threatening documents, Exploit Kits, watering-hole attacks that abuse compromised or copycat websites, and brute-force attacks against account credentials. General security practices, like choosing strong passwords and keeping software updated, can limit most infection strategies and the file access of any attackers.

Digital certificates aren't the be-all, end-all for Trojan obfuscation. Robust anti-malware applications will detect and delete the Easy2Lock Ransomware, like any similar threat, and put an end to any possibility of data encryption preemptively.

Windows systems at home or in a work environment are the targets of new attacks every day by Trojans like the Easy2Lock Ransomware. Its disguise might be slipping, but updates might renew its facade any day, all the better for ransom collection.
