The Evil Corporation Behind WastedLocker
WastedLocker malware is a new variant of ransomware developed by a Russia-based company formed to commit cybercrimes. Aptly named “Evil Corp,” the company began malware attacks in 2007, initially focusing on banks, and became famous for Dridex, which led to sanctions by the US Department of the Treasury in December 2019.
Evil Corp has used the Dridex malware to infect computers and harvest login credentials from hundreds of banks and financial institutions in over 40 countries, causing more than $100 million in theft. This malicious software has caused millions of dollars of damage to U.S. and international financial institutions and their customers. Concurrent with OFAC’s action, the Department of Justice charged two of Evil Corp’s members with criminal violations, and the Department of State announced a reward for information up to $5 million leading to the capture or conviction of Evil Corp’s leader. – Press release, US Dept. of Treasury.
In 2020, a new strain of WastedLocker malware emerged. It appears to target US-based companies exclusively and demands ransoms in the millions of dollars. WastedLocker is customized and uses AES + RSA cryptography, which means that once the data is encrypted, it cannot be decrypted without the RSA key from the hackers.
The most recent and notable WastedLocker victim was Garmin. Evil Corp tailored scripts to include the company’s name and left ransom instructions in a file as a part of the deployment. Garmin allegedly paid a ransom of $10 million after a four-day global outage to get their decryption key.
As with many ransomware variants, WastedLocker aggressively targets local and cloud resources, including backups, in order to prevent restores. It is crucial to have copies of backups that are not accessible from production or backup networks, because backups reachable from those networks will often be encrypted as well, thus benefiting the bad actors. Since your cloud resources are often accessible from your corporate networks, they are at risk.
Global Data Vault designed a solution to combat this problem and provide next-level protection for your offsite backups. Enhanced Data Protection provides the gap needed to separate and quickly recover what you need.