
WastedLocker Ransomware

Posted: June 24, 2020

The WastedLocker Ransomware is a file-locking Trojan that can block various media formats of data on your computer. Although the WastedLocker Ransomware is capable of harming home PC users, its threat actor preferentially deploys it against corporate entities, with highly expensive ransoms. Server administrators should watch the usual infection risk factors, such as e-mail contact and RDP, and keep anti-malware services up to date and available for removing the WastedLocker Ransomware.

Trojans Seeking Company Profits Wasted Away

A replacement for the BitPaymer Ransomware campaign is underway, run by the same threat actor as the old one: the Dridex gang, AKA Evil Corp. The WastedLocker Ransomware's conventional payload makes it technically pedestrian rather than novel, but there are areas of interest in its ransom note and code. Victims, specifically, might concern themselves with the WastedLocker Ransomware's amazingly high ransom demand: up to ten million dollars, in some cases.

The WastedLocker Ransomware's distribution targets enterprise-grade corporations, attacking database services, cloud systems, virtual machines and regular servers. Like much cheaper Trojans with file-locking routines, it encrypts the vulnerable media content before appending a personal extension ('wasted' and the victim's name). Although Evil Corp doesn't collect information in its current attacks, the threat actor may destroy backups and other resources that would facilitate any data recovery.

The WastedLocker Ransomware is exceptional for the raw expense of its ransom demand for the unlocking solution, which may vary between victims, but is generally in the millions. Malware researchers also confirm that the WastedLocker Ransomware isn't a direct patch or update of BitPaymer Ransomware. Despite the similarity of ransom notes, there's little to no code in common between the two programs.

Making Sure that Evil Corp's Effort Goes to Waste

Since Evil Corp currently prefers enterprise entities as its victims (a marked shift from the days of the Locky Ransomware), malware experts recommend monitoring the infection vectors that are traditional for that subset of targets. Workers should scrutinize e-mails, scan attachments before opening them, and reconsider before enabling features like macros. RDP features, if they must remain available, should be secured by strong credentials. Administrators should check server software versions for public vulnerabilities and manage patches when it's appropriate.

There isn't a free decryption service for the WastedLocker Ransomware, a much higher-end Trojan of its type than Hidden Tear, the Jigsaw Ransomware, or even some RaaSes like the Djvu Ransomware. Users with sufficiently secured backups on external devices may recover their work, but otherwise, risking the ransom is the only recovery solution. Based on the professionalism evidenced by the Evil Corp threat actor previously, malware experts rule out the chances of the ransom's high cost being a miscalculation.

Targeted efforts may result in attackers installing the WastedLocker Ransomware manually after turning off security solutions. However, in most other cases, the user's anti-malware service should delete the WastedLocker Ransomware during the infection attempt.

Evil Corp has some reasons for lying low with multiple members on the FBI's 'most wanted' list, but not so much that they can't turn a profit. With the WastedLocker Ransomware as the successor to the BitPaymer Ransomware, they'll only need one unfortunate 'customer' to get what they want.
