The group behind the Zeus trojan, Locky and BitPaymer appears to have debuted a new ransomware, and it is already being distributed on a massive scale in the wild.
The bad guys waste no time. This new ransomware variant has already been used to attack major corporations. According to Symantec, at least 31 large private corporations – eight of which are Fortune 500 companies – were attacked using WastedLocker.
This new ransomware still relies on the malicious JavaScript-based framework known as SocGholish to trick victims into believing they are downloading updates to Flash or their browser. Over 150 websites – including U.S. news websites – have been compromised and injected with SocGholish in an attempt to increase the number of compromised machines and organizations.
Once an initial endpoint is compromised, the usual post-intrusion actions follow: credential theft, privilege escalation, and lateral movement continue until enough control over the network has been achieved to make deploying WastedLocker worthwhile.
Organizations should take precautions – particularly in the area of user education. Teaching users how to spot a fake “your browser needs to be updated” window on a website is an easy way to avoid becoming a victim of this new ransomware. But organizations need to go further than this single attack method, using Security Awareness Training to educate users on all common tactics and to generally elevate how users approach email and the web, with a mindset that scrutinizes their every interaction.