A new ransomware, called WastedLocker, has made itself known in the last few months, targeting US companies and organizations. Read on to understand this malware and others like it, and what warning signs you should look for.

Believe it or not, the cyber attackers behind current malware are known as malware gangs and operate to infiltrate organizations, kidnap their data and demand ransom. WastedLocker is operated by a malware gang known as Evil Corp, reportedly operating out of Russia (see the article from Malwarebytes). It sounds like a Russian spy novel, but these attacks are sadly real.

The hackers first carry out an active assessment of the organization’s defenses and then attempt to evade the security software and other protections in place. For each encrypted file, the attackers create a separate file containing a ransom note. Ransoms demanded can range from $500,000 to $10 million in Bitcoin. They also go after any backups they can reach. The best defense is to keep off-site backups in addition to your other backups, so you can still retrieve your data.

There are warning signs that could mean you are already under attack but might still be able to take action. According to zdnet.com, the average ransomware attack on an organization can take from 60 to 120 days to move from the initial security breach to actual delivery of the ransomware. The hackers can spend weeks investigating the network for weaknesses before the ransomware encrypts the files. RDP, or Remote Desktop Protocol, is one of the most common ways for ransomware gangs to gain access to a network.

Advice and Warning Signs

It is always prudent to assess your environment periodically with your tech support. Understand your RDP exposure. Make sure you have two-factor authentication on those connections, or keep them behind a VPN. This is especially important with more staff working from home, which always brings more vulnerability.

Beware of unexpected software tools appearing on the network. Attackers can easily get a foothold on one PC through a phishing email, and these unexpected tools may then start to pop up. Another thing to look out for is Mimikatz, a tool used by hackers to steal passwords. With stolen credentials, the hackers can create admin accounts and disable security software.
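To show what looking for these warning signs can mean in practice, here is an added example (not from the original post) of a small triage script that scans Windows event log lines for the three signs described above: a credential-theft tool such as Mimikatz being run, a newly created account being added to the local Administrators group, and a security service being stopped. The event IDs are real Windows ones (4688 process created, 4720 user account created, 4732 member added to a local group, 7036 service state change); the log lines, the pipe-delimited format and the short tool and service name lists are constructed for the example.

```python
"""Added example, not code from the original post: triage constructed Windows
Security/System log lines for the warning signs the post describes."""
import re

# Constructed sample log lines, format: timestamp|log source|event id|details
SAMPLE_LOG = """\
2020-07-01T08:02:11|Security|4624|Logon Type: 10 Account: alice Source: 203.0.113.5
2020-07-01T08:05:43|Security|4688|New Process Name: C:\\Users\\alice\\AppData\\Local\\Temp\\mimikatz.exe
2020-07-01T08:07:02|Security|4720|Account Name: svc_backup2 Creator: alice
2020-07-01T08:07:05|Security|4732|Group Name: Administrators Member Name: svc_backup2
2020-07-01T08:09:30|System|7036|The Windows Defender Antivirus Service service entered the stopped state.
2020-07-01T09:15:00|Security|4688|New Process Name: C:\\Windows\\System32\\notepad.exe
2020-07-01T09:20:00|System|7036|The Print Spooler service entered the running state.
"""

# Assumed watch lists; a real deployment would use a much longer, maintained set.
SUSPICIOUS_TOOLS = ("mimikatz",)
SECURITY_SERVICES = ("windows defender", "antivirus")
PRIVILEGED_GROUPS = ("administrators",)


def parse_line(line):
    """Split one constructed log line into its four fields."""
    ts, source, event_id, details = line.split("|", 3)
    return {"ts": ts, "source": source, "event_id": int(event_id), "details": details}


def triage(log_text):
    """Return a list of (timestamp, alert kind, evidence) tuples.

    Accounts seen in a 4720 (account created) event are remembered so that a
    later 4732 (added to group) event can say whether the new admin is a
    freshly created account, which is the pattern the post warns about."""
    alerts = []
    new_accounts = set()
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        details = ev["details"]
        lowered = details.lower()

        # Sign 1: a known credential-theft tool was started.
        if ev["event_id"] == 4688 and any(t in lowered for t in SUSPICIOUS_TOOLS):
            alerts.append((ev["ts"], "credential-theft tool executed", details))

        # Remember newly created local accounts.
        elif ev["event_id"] == 4720:
            m = re.search(r"Account Name: (\S+)", details)
            if m:
                new_accounts.add(m.group(1))

        # Sign 2: someone was added to a privileged local group.
        elif ev["event_id"] == 4732:
            m = re.search(r"Group Name: (\S+).*Member Name: (\S+)", details)
            if m and m.group(1).lower() in PRIVILEGED_GROUPS:
                member = m.group(2)
                origin = "newly created account" if member in new_accounts else "existing account"
                alerts.append((ev["ts"], f"{origin} added to {m.group(1)}", member))

        # Sign 3: a security service entered the stopped state.
        elif (ev["event_id"] == 7036 and "stopped state" in lowered
              and any(s in lowered for s in SECURITY_SERVICES)):
            alerts.append((ev["ts"], "security service stopped", details))
    return alerts


if __name__ == "__main__":
    for ts, kind, evidence in triage(SAMPLE_LOG):
        print(f"{ts}  {kind}: {evidence}")
```

Run against the sample, the script reports three alerts in order: the Mimikatz process, the new account svc_backup2 being added to Administrators, and the Defender service stopping. Ordinary activity such as Notepad starting or the Print Spooler entering the running state produces nothing, which is the point: the signal is the combination of unusual tooling, new privileged accounts and protection being switched off, not any single busy log.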

Best Prevention

We continue to advise that you keep software patches up to date. Don’t click on random links, and use strong passwords with two-factor authentication. (Read more on our blog about multi-factor authentication and cyber attack prevention.)

Stay in frequent contact with your tech support or MSP to ensure you are educated and on the same page about your security.

Stay safe!