The most malicious ransomware attacks demand payment in cryptocurrencies

As interconnection turns the world into a global village, cyber attacks are expected to increase. There was a reported spike in the average payments made to ransomware attackers at the end of last year, as several organizations were forced to pay millions of dollars to have their files released by malware attackers.

Aside from the fact that the current pandemic has left many individuals and companies vulnerable to attack, the notion that cryptocurrencies are an anonymous and untraceable payment method has led many ransomware attackers to demand ransom payments in Bitcoin (BTC) and other altcoins.

Recently, a report released on June 23 by the cyber security firm Fox-IT revealed that a malware group called Evil Corp has been harassing victims with new ransomware, demanding that they pay a million dollars in Bitcoin.

The report also reveals that groups like Evil Corp create ransomware targeting database services, cloud environments and file servers with the intention of disabling or disrupting backup applications in a company's infrastructure. On June 28, cyber security firm Symantec reported that it had blocked a ransomware attack by Etoro that targeted about 30 U.S. companies, demanding payment in Bitcoin.

These attack attempts are just the most recent examples of the growing threat of ransomware attacks. Below are some of the more malicious ransomware strains that have demanded payment in cryptocurrency.

WastedLocker
WastedLocker is the latest ransomware created by Evil Corp, a group active since 2007 and considered one of the most lethal cybercrime teams. Following the indictment of two alleged members of the group, Igor Turashev and Maksim Yakubets, in connection with the Bugat/Dridex and Zeus banking Trojans, Evil Corp allegedly reduced its activity.

However, researchers now believe that as of May 2020, the group has resumed attacks once again, with the malware WastedLocker as its latest creation. The malware has been named "WastedLocker" because of the file name it creates, which adds an abbreviation of the victim's name to the word "wasted".

By disabling and disrupting backup applications, database services, and cloud environments, WastedLocker keeps its victims from recovering their files for a longer period of time, even if there is an offline backup configuration. In cases where an enterprise lacks offline backup systems, recovery can be prevented indefinitely.

However, researchers note that, unlike other ransomware operators who leak victims' information, Evil Corp has not threatened to publish victims' information, in order to avoid drawing public attention to itself.