WastedLocker

Malware updated 25 days ago (2024-08-14T09:29:35.292Z)
WastedLocker is ransomware developed in 2020 by the Evil Corp group, also tracked as INDRIK SPIDER. It is Windows malware that encrypts files on compromised hosts; it does not target Android devices.

WastedLocker belongs to a lineage of Evil Corp-linked ransomware that also includes DoppelPaymer (developed in 2019), and its samples are packed with CryptOne, a Delphi-based crypter dating back to 2015. CryptOne has also been used with other malware families, including Gozi, Dridex and NetWalker.

For initial access the operators have used SocGholish, a fake browser-update lure, including a campaign that compromised numerous newspaper websites operated by a U.S. media company. SocGholish has served as a first-stage loader for several ransomware operations, including WastedLocker, LockBit, Dridex and Hive.

Two behaviours are notable. Samples crypted with CryptOne are able to detect and disable a list of security products. And unlike many ransomware families that encrypt only files matching a list of targeted extensions, WastedLocker carries a list of directories and extensions to exclude from encryption and encrypts everything else.

Hades ransomware, a successor built from WastedLocker, uses a different User Account Control (UAC) bypass than WastedLocker, although both implementations are taken directly from the open-source UACME project. Hades also writes a single ransom note named "HOW-TO-DECRYPT-[extension].txt" into each directory it traverses, whereas WastedLocker drops a note beside every encrypted file.

The continued development of WastedLocker into new variants reflects its creators' persistent attempts to distance themselves from known tooling in order to evade the sanctions imposed on them.
Description last updated: 2024-08-14T09:12:27.691Z
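The note-placement difference described above (one note per traversed directory for Hades, one note per encrypted file for WastedLocker) is something a responder can read straight out of file-creation telemetry. The following is an added example, not code from this page or from any of the cited vendors: it groups newly created paths by directory, counts per-directory and per-file ransom notes, and labels the pattern. The HOW-TO-DECRYPT-<extension>.txt name is taken from the page; the per-file "_info" suffix, the ".xyzlocked" and ".abcde" extensions and the sample paths are assumptions constructed for the example.

```python
import posixpath
import re
from collections import defaultdict

# Per-directory note naming quoted on the page for Hades: HOW-TO-DECRYPT-<ext>.txt.
# The extension token is captured so it can be matched against files in that directory.
DIR_NOTE_RE = re.compile(r"^HOW-TO-DECRYPT-([A-Za-z0-9]+)\.txt$", re.IGNORECASE)

# Assumed per-file note convention (an assumption for this example, not something the
# page states): a note sits beside every encrypted file, named <encrypted name> + "_info".
FILE_NOTE_SUFFIX = "_info"


def classify_note_pattern(created_paths):
    """Summarise ransom-note placement seen in a batch of file-creation events.

    created_paths: iterable of POSIX-style paths created within the time window.
    Returns a dict with counts of encrypted files, per-directory notes and
    per-file notes, plus a 'pattern' label: 'per-file', 'per-directory',
    'mixed' or 'none'.
    """
    by_dir = defaultdict(list)
    for path in created_paths:
        by_dir[posixpath.dirname(path)].append(posixpath.basename(path))

    dir_notes = 0
    file_notes = 0
    encrypted = set()

    for directory, names in by_dir.items():
        for name in names:
            match = DIR_NOTE_RE.match(name)
            if match:
                # One note per traversed directory: count it, then treat every
                # sibling carrying the advertised extension as an encrypted file.
                dir_notes += 1
                ext = "." + match.group(1).lower()
                for sibling in names:
                    if sibling.lower().endswith(ext) and not DIR_NOTE_RE.match(sibling):
                        encrypted.add(posixpath.join(directory, sibling))
            elif name.endswith(FILE_NOTE_SUFFIX):
                # One note per encrypted file: only count it when the file it names
                # actually exists beside it, so a stray "_info" file is ignored.
                target = name[: -len(FILE_NOTE_SUFFIX)]
                if target in names:
                    file_notes += 1
                    encrypted.add(posixpath.join(directory, target))

    if dir_notes and file_notes:
        pattern = "mixed"
    elif dir_notes:
        pattern = "per-directory"
    elif file_notes:
        pattern = "per-file"
    else:
        pattern = "none"

    return {
        "encrypted_files": len(encrypted),
        "per_directory_notes": dir_notes,
        "per_file_notes": file_notes,
        "pattern": pattern,
    }


# Constructed sample events (not real telemetry). The ".xyzlocked" and ".abcde"
# extensions and the share layout are placeholders chosen for the example.
WASTED_STYLE_EVENTS = [
    "/srv/share/finance/q1.xlsx.xyzlocked",
    "/srv/share/finance/q1.xlsx.xyzlocked_info",
    "/srv/share/finance/q2.xlsx.xyzlocked",
    "/srv/share/finance/q2.xlsx.xyzlocked_info",
    "/srv/share/hr/roster.docx.xyzlocked",
    "/srv/share/hr/roster.docx.xyzlocked_info",
]

HADES_STYLE_EVENTS = [
    "/srv/share/finance/q1.xlsx.abcde",
    "/srv/share/finance/q2.xlsx.abcde",
    "/srv/share/finance/HOW-TO-DECRYPT-abcde.txt",
    "/srv/share/hr/roster.docx.abcde",
    "/srv/share/hr/HOW-TO-DECRYPT-abcde.txt",
]

if __name__ == "__main__":
    for label, events in (("per-file sample", WASTED_STYLE_EVENTS),
                          ("per-directory sample", HADES_STYLE_EVENTS)):
        print(label, classify_note_pattern(events))
```

The per-file heuristic deliberately requires the named sibling to exist, so a single orphaned "_info" file on a share does not raise an alert; the per-directory heuristic is keyed on the extension advertised in the note name, so a note with an extension that matches nothing in the directory still counts as a note but contributes no encrypted files.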
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID / Votes / Profile Description

Cryptone (2 votes): CryptOne is a Delphi-based crypter malware, dating back to 2015, that has been frequently used by various malicious software families such as Gozi, Dridex, NetWalker, and WastedLocker. This crypter is reportedly offered as a Crypter-As-A-Service and it's capable of detecting and disabling a list of
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Windows
Crypter
Malware
Associated Malware
ID / Type / Votes / Profile Description

Socgholish (Unspecified, 3 votes): SocGholish is a malicious software (malware) that has been significantly prevalent in cyber threats over recent years. In 2022, it was observed being used in conjunction with the Parrot TDS to deliver the FakeUpdates downloader to unsuspecting visitors on compromised websites. By late 2022, Microsof

Gozi (Unspecified, 2 votes): Gozi is a notorious malware that has been linked to numerous cyber attacks. It's typically delivered through sophisticated malvertising techniques, often used in conjunction with other initial access malware such as Pikabot botnet agent and IcedID information stealer. When an individual accesses a c
Source Document References
Information about the WastedLocker malware was read from the documents in the corpus listed below.
Source / Created At / Title

- Quick Heal Technologies Ltd. (a month ago): Mobile Ransomware: How to Keep Them at Bay!
- CERT-EU (a year ago): Watch Out: Attackers Are Hiding Malware in 'Browser Updates'
- BankInfoSecurity (a year ago): Fake Browser Updates Used to Deploy Malware
- SecurityIntelligence.com (a year ago): The Trickbot/Conti Crypters: Where Are They Now?
- MITRE (2 years ago): INDRIK SPIDER: WastedLocker Superseded by Hades Ransomware
- MITRE (2 years ago): WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations
- MITRE (2 years ago): WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group
- MITRE (2 years ago): WastedLocker Ransomware: Abusing ADS and NTFS File Attributes
- MITRE (2 years ago): Stopping Serial Killer: Catching the Next Strike - Check Point Research