The ransomware reportedly infected Boyne Resorts’ corporate offices first, then penetrated into further IT systems that are used to operate the resorts. The company was forced to suspend the work of the networks so that the virus couldn’t spread further. During the attack, the ransomware encrypted company’s files and appended .easy2lock extension. Although this is unconfirmed, the ransom note left by this WastedLocker virus’ variant in previous attacks typically looked like this: At the time of writing this article, Boyne Resorts’ Book Lodging site didn’t provide booking functionality and claimed the “booking engine is down for maintenance.” It is unknown how long the booking function will be unavailable, but the company expects to restore it in the next few days.
The ransomware associated with Russian cybercrime gang
Many security experts claim that WastedLocker ransomware is a creation of a well-known Russian cybercrime gang, namely Evil Corp (also known as Dridex). The cybercriminals’ gang have been active since 2007 or earlier, and are responsible for the Dridex malware creation, Garmin attack and many others. United States have since sanctioned the leading member of this gang, Maksim Yakubets (who also goes under nickname “Aqua”), and offers a record reward – $5 million for information leading to the arrest and/or conviction of him. The hacker has a lengthy list of crimes – conspiracy, conspiracy to commit fraud, wire fraud, bank fraud and intentional damage to a computer. However, Maksim seems to be enjoying his life in Russia freely and flashing his expensive lifestyle. Boyne Resorts is currently in a complicated situation because United States laws’ prohibit ransom payments. By paying to the developers of WastedLocker, the company would also have to face the consequences of breaking the US laws.