Tag :
Cyber Security

WastedLocker ransomware has garnered attention in recent weeks after an attack on Garmin Inc., a leading provider of "GPS navigation and wearable technology to the automotive, aviation, marine, outdoor and fitness markets". The attack resulted in many Garmin Inc. services being suspended, to the frustration of customers globally. WastedLocker was first detected in May 2020, and believed to be related to Evil Corp, a hacking group which adopts a highly targeted strategy to infiltrate high-value targets, and uses the target’s name when composing encrypted suffixes for ransomware files.

Analysis of the Ransomware Behavior

  • The ransomware uses an Alternate Data Stream (ADS) method to avoid detection.
  • The encryption process excludes some directories and suffixes, as follows:
  • File encryption includes the suffix, ”target name + wasted“, as follows:
  • Files including ransom information are generated simultaneously, with the content of the file as follows:
  • The content of the ransom information is as follows:
  • The file in the encryption process is as follows:

Ransomware Detection and Killing

  1. Sangfor's Endpoint Secure, Sangfor Next Generation Application Firewall (NGAF), Cyber Command and other security products effectively detect and defend against ransomware. Users who have deployed related products can conduct a security scan to detect ransomware, as follows: 
  2. Sangfor provides free anti-virus tools capable of detection and killing viruses, available for download here: https://page.sangfor.com/anti-bot-tool

Ransomware Protection

The Sangfor Security Team recommends that ransomware prevention should be a top priority when planning network and application security. At present, files encrypted by ransomware cannot be decrypted, making daily preventative measures all the more critical.

  1. Install patches regularly to fix vulnerabilities.
  2. Regularly perform AND test restoration of non-local backups of important data files.
  3. Don't open email attachments from unknown sources, and don't download software from unknown websites.
  4. Implement a Zero Trust policy and only allow permissions to files and directories to only those users that must have access.
  5. Change account passwords regularly, setting a strong password when doing so. Avoid using the same password for multiple platforms and programs to avoid compromising multiple accounts if credentials are stolen.
  6. If RDP is not required for business, close RDP. If a security incident occurs, use Sangfor NGAF (Next Generation Application Firewall) or the Endpoint Secure micro-isolation function to block ports like 3389 and prevent the spread of malware.
  7. Both NGAF and Endpoint Secure have anti-propagation policies for malware and ransomware. In the event of a malware infection, the firewall will enable rules 11080051, 11080027, 11080016 simultaneously, and open the anti-propagation functionality.
  8. Sangfor recommends that NGAF customers upgrade to the latest version and deploy AI-detection capabilities with Engine Zero to achieve the best defense.
  9. Detect new threats instantly and defend your system using Sangfor's cloud based Platform-X management console.
  10. Sangfor Security Services can help users quickly improve their security capabilities using hybrid "human-machine intelligence", and provide services like equipment security compliance inspection, threat hunting, and related vulnerability inspection. Ensure that risks are detected immediately and that response & mitigation strategies are updated to prevent such threats.

Finally, Using Endpoint Secure, execute a complete virus scan and system vulnerability scan on the entire network to identify and remove potential attack surfaces. Together, Sangfor Cyber Command, NGAF and Endpoint Secure can help you detect and kill ransomware and protect your intranet.

Consultation and Services

Please do not hesitate to contact Sangfor to get a free consultation and support services:

  • Telephone: +60 12711 7129 (or 7511).
  • Visit the Sangfor Community and select the "Chatbox" option on the right bottom for consultation.
  • Contact us through our contact form for more information & support.

Listen To This Post

Search

Keyword maximum 256 character

Get in Touch

Get in Touch with Sangfor Team for Business Inquiry

Related Articles

Cyber Security

The AT&T Data Breach: Over 73 Million Customer Data Exposed

Date : 15 Apr 2024
Read Now
Cyber Security

What Are the Top 5 Benefits of SD-WAN?

Date : 29 Mar 2024
Read Now
Cyber Security

World Backup Day 2024: Save Digital Memories

Date : 29 Mar 2024
Read Now

See Other Product

Cyber Command - NDR Platform
Endpoint Secure
Internet Access Gateway (IAG)
Sangfor Network Secure - Next Generation Firewall
Platform-X
Sangfor Access Secure

Meet the Author

sangfor building image

Sangfor Technologies

Sangfor Technologies is a leading vendor of Cyber Security and Cloud Computing solutions. The majority of the blogs that you are seeing here are written by professionals working at Sangfor. We have a team of content writers, product managers and marketing experts who are taking care of writing articles on various topics that are relevant to our audience. Our team ensures that the articles published are factually correct and helpful to our customers and partners to know more about the recent trends on Cyber Security and Cloud, and how it can help their organizations.

  • facebook
  • twitter
  • linkedin
  • youtube
  • instagram
See Author's Detail