Symantec recently uncovered a plan for a large-scale cyberattack targeting dozens of U.S. corporations using WastedLocker ransomware.
The cybercriminals had already "breached the networks of targeted organizations and were in the process of laying the groundwork for staging ransomware attacks." At least 31 customer organizations are known to have been attacked, and experts believe the total number of attacks is much higher.
All of the identified targeted organizations are located in the U.S., and most of them are major corporations. They represent a diverse range of sectors, including manufacturing, information technology, and media and telecommunications. At least eight of them are Fortune 500 companies.
The goal of the cybercriminals was to encrypt most of the computers and servers of the targeted organization, making their information technology infrastructure inoperable. The cybercriminals would then demand a multimillion-dollar ransom.
After the cybercriminals gain access to the victim's network, they use Cobalt Strike commodity malware along with other tools to "steal credentials, escalate privileges, and move across the network in order to deploy the WastedLocker ransomware on multiple computers." The attackers also use the Windows Management Instrumentation Command Line Utility (wmic.exe) to execute commands on remote computers.
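The wmic.exe activity described above can be hunted for in process-creation logs. The following is an added detection sketch, not code from Symantec's report: the sample events, host names and the `find_remote_wmic` and `fan_out` helpers are constructed for illustration, and it assumes command lines are already collected (for example from Sysmon Event ID 1 or Security Event 4688).

```python
import re
from collections import defaultdict

# Constructed process-creation records (not from the Symantec report), shaped
# like the fields Sysmon Event ID 1 or Security Event 4688 provide.
SAMPLE_EVENTS = [
    {"host": "WS-014", "parent": "explorer.exe", "cmdline": "wmic os get caption"},
    {"host": "WS-014", "parent": "powershell.exe",
     "cmdline": r'wmic.exe /node:"FS-01" process call create "cmd.exe /c hostname"'},
    {"host": "WS-014", "parent": "powershell.exe",
     "cmdline": r'C:\Windows\System32\wbem\WMIC.exe /NODE:FS-02,FS-03 process call create "notepad.exe"'},
    {"host": "ADM-02", "parent": "cmd.exe", "cmdline": "wmic /node:localhost cpu get name"},
]

NODE_RE = re.compile(r'/node:\s*((?:"[^"]*"|[^\s"])+)', re.I)  # /node:a,"b",c
CREATE_RE = re.compile(r"\bprocess\s+call\s+create\b", re.I)
LOCAL = {"localhost", "127.0.0.1", "."}

def image_name(cmdline):
    """Basename of the first command-line token, quoted or not, lower-cased."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmdline)
    path = (m.group(1) or m.group(2)) if m else ""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_remote_wmic(events):
    """Return a finding for each wmic invocation aimed at a non-local host."""
    findings = []
    for ev in events:
        cmd = ev["cmdline"]
        node = NODE_RE.search(cmd)
        if image_name(cmd) not in ("wmic", "wmic.exe") or not node:
            continue
        targets = [t.strip('"').lower() for t in node.group(1).split(",")]
        targets = [t for t in targets
                   if t and t not in LOCAL and t != ev["host"].lower()]
        if targets:
            findings.append({"source": ev["host"], "parent": ev["parent"],
                             "targets": targets,
                             "remote_exec": bool(CREATE_RE.search(cmd))})
    return findings

def fan_out(findings):
    """Map each source host to the distinct hosts it ran processes on."""
    seen = defaultdict(set)
    for f in findings:
        if f["remote_exec"]:
            seen[f["source"]].update(f["targets"])
    return {src: sorted(t) for src, t in seen.items()}

if __name__ == "__main__":
    for src, hosts in fan_out(find_remote_wmic(SAMPLE_EVENTS)).items():
        print(f"{src} used wmic to start processes on {len(hosts)} host(s): {hosts}")
```

A renamed copy of wmic.exe evades the basename check; where Sysmon data is available, matching on its OriginalFileName field closes that gap.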
The "Evil Corp" cybercrime outfit, which is associated with the Dridex banking Trojan and BitPaymer ransomware, has been credited with creating WastedLocker. Evil Corp has likely netted tens of millions of dollars from its previous two campaigns.

"WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations" symantec-enterprise-blogs.security.com (Jun. 25, 2020).