WastedLocker ransomware was supposedly used by the Evil Corp group, which is known to have delivered Dridex banking malware to attack at least 31 U.S.-based corporations since May 2020. Here we provide an in-depth analysis of WastedLocker, which employs numerous defensive evasion techniques such as digital signing, DLL side-loading, auto-elevation and alternate data streams .

The Nefilim ransomware group, known to be active since February 2020, adopts the Nemty ransomware code written in the Delphi programming language. It uses a Citrix vulnerability/RDP to access corporate networks. Nefilim started its own data leak site called ‘Corporate Leaks,’ where the operators publish exfiltrated data from compromised organizations if they refuse to pay.

The SunCrypt ransomware family was first spotted in October 2019, but it was not very active at that time. The group behind it was independent in the beginning, but they recently joined the so-called Maze cartel – combining forces to rob individuals and companies around the world. This cartel included Maze and LockBit when it first started, but later welcomed Ragnar Locker and now SunCrypt.

NetWalker ransomware was discovered in August 2019 in the wild. It implements a ransomware-as-a-service model, targeting both organizations and individual users. Since March 2020, the operators have managed to extort approximately $25 million.