Symantec, a division of Broadcom, claimed that it was able to identify a string of attacks against firms in the United States, and alert its customers to them, in which attackers tried to deploy the WastedLocker ransomware (Ransom.WastedLocker) on their networks.
According to Symantec, it was able to block the WastedLocker ransomware attack in time after an early alert. The attack comes from a group known to demand payment in Bitcoin (BTC), and it is directed at 30 companies in the United States and Fortune 500 companies.
“WastedLocker has been attributed to the notorious “Evil Corp” cyber crime outfit. Evil Corp has previously been associated with the Dridex banking Trojan and BitPaymer ransomware, which are believed to have earned their creators tens of millions of dollars.”
The cybersecurity company noted that Evil Corp targeted the firms’ IT infrastructures with the WastedLocker ransomware and was able to breach the security of their networks. However, the attackers were unsuccessful in their attempt to lay the groundwork for staging the attacks.
“The end goal of these attacks is to cripple the victim’s IT infrastructure by encrypting most of their computers and servers in order to demand a multimillion dollar ransom… The attackers had breached the networks of targeted organizations and were in the process of laying the groundwork for staging ransomware attacks.”
On June 23, cybersecurity company Fox-IT, a division of NCC Group, reported the return of the Evil Corp group. Fox-IT claimed it detected a new ransomware locker known as WastedLocker, which has been in use since May 2020. Both the Dridex malware and the BitPaymer ransomware have been associated with Evil Corp in the past: the group has been operating the Dridex malware since July 2014, while BitPaymer ransomware became prominent in the first half of 2017.
Fox-IT says it has been tracking the activities of the Evil Corp group for many years, despite the group changing its composition since 2011. The group is known for demanding million-dollar ransom payments from its victims in cryptocurrencies like Bitcoin.
Although Symantec did not name the intended victims, it noted that the manufacturing sector was most affected, as the group targeted five organizations related to the industry. Symantec has provided protection measures for customers against WastedLocker attacks and associated activities, including file-based protection and intrusion prevention.