The Russian cybercrime group known as Evil Corp has added a new ransomware variant called WastedLocker to its arsenal. This ransomware is used in targeted attacks against the enterprise. Unlike DoppelPaymer attacks, a ransomware created by a group who split from Evil Corp in 2019, the group does not appear to steal data before encrypting files. To deliver the ransomware, Evil Corp is hacking into sites to insert malicious code that displays fake software update alerts from the SocGholish fake update framework. The ransomware will combine the ‘wasted’ string and the company’s initials to generate an extension that is appended to a victim’s encrypted files.
Source: https://www.bleepingcomputer.com/news/security/new-wastedlocker-ransomware-distributed-via-fake-program-updates/