WastedLocker Ransomware Description
The WastedLocker Ransomware is a file-locking Trojan that can block various media formats of data on your computer. Although the WastedLocker Ransomware capable of harming home PC users, its threat actor is deploying it against corporate entities with highly-expensive ransoms preferentially. Server administrators should watch the usual infection risk factors, such as e-mail contact and RDP, and have anti-malware services up-to-date and available for removing the WastedLocker Ransomware.
Trojans Seeking Company Profits Wasted Away
A replacement for the BitPaymer Ransomware campaign is underway, run by the same threat actor – the Dridex gang, AKA Evil Corp – as the old one. The WastedLocker Ransomware's conventional payload makes it a technically pedestrian non-novelty, but there are areas of interest in its ransom note and code. Specifically, for victims, they might concern themselves with the WastedLocker Ransomware's amazingly high ransom demand: up to ten million dollars, in some cases.
The WastedLocker Ransomware's distribution targets enterprise-grade corporations, attacking database services, cloud systems, virtual machines and regular servers. Like much cheaper Trojans with file-locking routines, it encrypts the vulnerable media content before appending a personal extension ('wasted' and the victim's name). Although Evil Corp doesn't collect information in its current attacks, the threat actor may destroy backups and other resources that would facilitate any data recovery.
The WastedLocker Ransomware is exceptional for the raw expense of its ransom demand for the unlocking solution, which may vary between victims, but is generally in the millions. Malware researchers also confirm that the WastedLocker Ransomware isn't a direct patch or update of BitPaymer Ransomware. Despite the similarity of ransom notes, there's little to no code in common between the two programs.
Making Sure that Evil Corp's Effort Goes to Waste
Since Evil Corp prefers enterprise entities as its victims (a marked shift from the days of the Locky Ransomware) currently, malware experts recommend monitoring possible infection vectors that are traditional for that subset of targets. Workers should scrutinize e-mails and scan attachments before opening them and reconsider before enabling features like macros. RDP features, if necessary that they remain available, should be secured by strong credentials. Administrators should check server software versions for public vulnerabilities and manage patches when it's appropriate.
There isn't a free decryption service for the WastedLocker Ransomware, a much higher-end Trojan of its type than Hidden Tear, the Jigsaw Ransomware, or even some RaaSes like the Djvu Ransomware. Users having sufficiently-secured backups on external devices may recover their work, but otherwise, the risk of a ransom is the only recovery solution. Based on the professionalism evidenced by the Evil Corp threat actor previously, malware experts rule out the chances of the ransom's high cost being a miscalculation.
Targeted efforts may result in attackers installing the WastedLocker Ransomware manually after turning off security solutions. However, in most other cases, the user's anti-malware service should delete the WastedLocker Ransomware during the infection attempt.
Evil Corp has some reasons for lying low with multiple members on the FBI's 'most wanted' list, but not so much that they can't turn a profit. With the WastedLocker Ransomware as the successor to the BitPaymer Ransomware, they'll only need one unfortunate 'customer' to get what they want.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to WastedLocker Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.