WastedLocker Ransomware


WastedLocker is a new ransomware operated by the Evil Corp gang, the same gang that is associated with Dridex and BitPaymer. WastedLocker is very different from BitPaymer but retains the ability to add specific modules for different targets. WastedLocker attacks are highly targeted to specific organizations. It is suspected that during a first attempt, an assessment of active defenses is made. The next attempt is then customized to circumvent the active security software and other perimeter protection. The ransomware name is derived from the filename it creates, which includes an abbreviation of the victim's name and the string "wasted." For each encrypted file, the group creates a separate file that contains the ransom note.
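The naming pattern described above can be turned into a file-share triage check. The following is an added example, not code from the original article: it flags directories where several files carry an extension ending in "wasted" and each has a sibling file whose name extends it (the per-file note). The abbreviation `acme`, the note suffix in the sample, the paths and the `min_hits` threshold are all constructed assumptions.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Extension = victim abbreviation + "wasted" (per the article).
# The abbreviation's length and character set are assumptions of this sketch.
ENC_EXT = re.compile(r"\.([a-z0-9]{2,10})wasted$", re.IGNORECASE)

def find_wasted_pairs(paths, min_hits=3):
    """Return {(directory, abbreviation): [encrypted file names]} for every
    directory holding at least min_hits encrypted-looking files that each
    have a companion file (the separate per-file ransom note)."""
    by_dir = defaultdict(set)
    for p in map(PurePosixPath, paths):
        by_dir[str(p.parent)].add(p.name)

    findings = {}
    for directory, names in by_dir.items():
        per_tag = defaultdict(list)
        for name in names:
            m = ENC_EXT.search(name)
            if not m:
                continue
            # Companion = another file in the same directory whose name
            # starts with the encrypted file's full name. No specific note
            # suffix is required, so the check does not depend on one.
            if any(o != name and o.startswith(name) for o in names):
                per_tag[m.group(1).lower()].append(name)
        for tag, hits in per_tag.items():
            if len(hits) >= min_hits:  # one stray match is not enough
                findings[(directory, tag)] = sorted(hits)
    return findings

# Constructed sample listing (not real indicators).
SAMPLE = [
    "/srv/share/finance/q1.xlsx.acmewasted",
    "/srv/share/finance/q1.xlsx.acmewasted_info",
    "/srv/share/finance/q2.xlsx.acmewasted",
    "/srv/share/finance/q2.xlsx.acmewasted_info",
    "/srv/share/finance/plan.docx.acmewasted",
    "/srv/share/finance/plan.docx.acmewasted_info",
    "/srv/share/hr/time.unwasted",   # benign look-alike, no companion file
    "/srv/share/hr/handbook.pdf",
]

if __name__ == "__main__":
    for (directory, tag), files in find_wasted_pairs(SAMPLE).items():
        print(f"ALERT {directory}: {len(files)} files tagged '{tag}wasted'")
```

Feed it the output of a periodic file-server listing; requiring both the extension and the companion file keeps ordinary files that merely end in "wasted" from raising an alert.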

The ransom ranges from $500,000 to over $10 million in Bitcoin. The group makes every effort to go after any backups, which makes some organizations feel the need to pay up. Where other ransomware operators are adding exfiltration and even an auction, the Evil Corp gang has shown no inclination in that direction yet. The Evil Corp gang targets mostly US organizations, and it looks like they are staying put, with a few victims in Europe. The main members of the group are believed to be Russian.


In general, if this gang finds an entrance into your network, it will be impossible to stop them from encrypting at least part of your files. The only thing that can help protect your files is either roll-back technology or a form of off-line backup. With connected backups, you run the risk of your backup files being encrypted as well, which defeats the whole point of having them. The roll-back technologies are dependent on the activity of the processes monitoring your systems.

This is a very sophisticated and highly targeted type of ransomware, which means that, given the ransom demands, most of the affected companies will have a dedicated cyber security department. It is important to know the early warning signs of these attacks, which may be indicated by breach attempts. At later stages, more disruptive actions may be taken, such as disabled security software, dropped files, and deleted backups.