More recently, Fox-IT experts spoke about the latest activity of the famous hacker group Evil Corp, which is often associated with Russian special services. Experts found that in 2020, attackers replaced the obsolete ransomware BitPaymer, which they used since the beginning of 2017, with a more modern malware, called WastedLocker.
Fox-IT experts believe that the use of WastedLocker began in May 2020. According to them, so far the ransomware has been used exclusively against American companies, and the amount of ransoms that Evil Corp requires from victims is estimated at millions of dollars. For example, researchers know a case where hackers requested $ 10,000,000 from a company. Based on data from VirusTotal, analysts wrote that WastedLocker was used as intended at least five times.
Now own reportSymantec Introduces WastedLocker According to analysts, at the present time we are not talking about five victims: at least 31 American organizations have been attacked. Most of the victims are large and well-known corporations. The list of alleged victims of hackers includes large private companies, as well as 11 public companies, 8 of which are on the Fortune 500 list.
Attackers did not focus on a specific sector and attacked a variety of industries: manufacturers (5 organizations) were the most affected, followed by IT companies (4 victims), as well as media and telecommunications (3 victims).
Symantec experts emphasize that their statistics only take into account attacks directly against the company's customers, that is, the total number of victims of WastedLocker can be much higher.
“If the attackers weren’t frustrated, successful attacks could lead to millions of losses, downtime and the possible effect of dominoes in the field of supply chains,” experts warn.
“Once the attackers gain access to the victim’s network, they use Cobalt Strike in tandem with several other tools designed to steal credentials, escalate privileges and spread over the network. All this is used to deploy the WastedLocker ransomware on more computers, ”write Symantec experts.