WastedLocker and EndPoint Detect + Response


Cyber attacks are continually becoming more sophisticated and evolving new ways to circumvent traditional anti-virus. Most recently, technology company Garmin fell victim to a new type of attack, WastedLocker. Attackers set out to steal your valuable business data and to generally cause chaos, which can result in lengthy downtime. However, this can generally be avoided if a sophisticated IT security approach and services such as Endpoint Detection and Response (EDR) are adopted.

What is WastedLocker? 

WastedLocker is a new type of ransomware created by Evil Corp Group (also known as the Dridex Gang). Ransomware is a form of malware that encrypts your files, data and, in some cases, even your backups. As the name suggests, ransomware holds your encrypted data to ransom. Attackers will typically ask for a payment via Bitcoin or another cryptocurrency; however, there is no guarantee that your data will be released if you pay the ransom. In some cases, your data will also be auctioned off to buyers on the dark web.

The name of this particular ransomware, WastedLocker, is based on the file extension the virus adds to encrypted files. Usually, files encrypted by WastedLocker will include the victim's name followed by "wasted". Fox-IT found the virus "hit file servers, database services, virtual machines, and cloud environments". They also found that WastedLocker makes a deliberate attempt to disrupt backup applications to increase downtime. By deleting and disrupting backups, Evil Corp attempts to incentivise victims to pay the ransom.
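As an added, defender-side example (not code from the original post, SentinelOne or Milnsbridge), the script below scans a constructed log of file-rename events for the naming pattern described above (victim name immediately followed by "wasted") and raises an alert when one host produces a burst of such files in a short window. The log format, host names, victim token and thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample log (hypothetical format): "<ISO timestamp> <host> <new path>".
# fs01 shows a burst of renames; ws07 is normal activity; ws12 is a single hit.
SAMPLE_EVENTS = """\
2020-07-24T02:15:01 fs01 C:\\Shares\\Finance\\q2.xlsx.examplecowasted
2020-07-24T02:15:01 fs01 C:\\Shares\\Finance\\q3.xlsx.examplecowasted
2020-07-24T02:15:02 fs01 C:\\Shares\\HR\\staff.docx.examplecowasted
2020-07-24T02:15:02 fs01 C:\\Shares\\HR\\payroll.csv.examplecowasted
2020-07-24T02:15:03 fs01 C:\\Shares\\Legal\\nda.pdf.examplecowasted
2020-07-24T02:15:03 fs01 C:\\Shares\\Legal\\contract.pdf.examplecowasted
2020-07-24T09:30:00 ws07 C:\\Users\\alice\\notes.txt
2020-07-24T09:45:12 ws07 C:\\Users\\alice\\report.docx
2020-07-25T11:00:00 ws12 C:\\Users\\bob\\holiday.jpg.examplecowasted
"""

# Final extension = <victim name token> + "wasted"; the token is captured.
WASTED_EXT = re.compile(r"\.([A-Za-z0-9_-]+?)wasted$", re.IGNORECASE)

def wasted_victim_token(path: str) -> Optional[str]:
    """Return the victim-name part of a WastedLocker-style extension, else None."""
    m = WASTED_EXT.search(path)
    return m.group(1).lower() if m else None

def parse_event(line: str):
    ts, host, path = line.split(" ", 2)
    return datetime.fromisoformat(ts), host, path

def find_encryption_bursts(events: str, threshold: int = 5, window_seconds: int = 60):
    """Alert per host when at least `threshold` files gain a *wasted extension
    inside any sliding window of `window_seconds`."""
    per_host = defaultdict(list)  # host -> [(timestamp, victim token)]
    for line in events.splitlines():
        if line.strip():
            ts, host, path = parse_event(line)
            token = wasted_victim_token(path)
            if token:
                per_host[host].append((ts, token))
    alerts, window = [], timedelta(seconds=window_seconds)
    for host, hits in per_host.items():
        hits.sort()
        start = peak = 0
        for end in range(len(hits)):           # sliding window over sorted hits
            while hits[end][0] - hits[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts.append({"host": host, "files": len(hits), "peak_in_window": peak,
                           "tokens": sorted({t for _, t in hits})})
    return alerts
```

The single hit on ws12 stays below the burst threshold and is not alerted, which is the trade-off between catching early encryption and avoiding noise from one stray file.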

EDR versus Traditional Anti-Virus 

Traditional anti-virus works on a reactive approach and is therefore no longer enough to properly deal with these types of attacks. Because these attacks are continually evolving, they have mostly found ways to breach traditional anti-virus software. Traditional anti-virus typically relies on a set of rules, known threats, patterns and characteristics to detect threats. Essentially, traditional anti-virus is a reactive tool; what is needed is a proactive tool.

SolarWinds' SentinelOne is an example of next-generation anti-virus. SentinelOne includes both endpoint protection (EPP) and endpoint detection and response (EDR). As well as this, SentinelOne also includes ActiveEDR, which uses deep visibility and threat hunting. This means SentinelOne does not only wait for threats; it also actively hunts for them. You can read more about threat hunting here.

SentinelOne in Action 

Recently, SentinelOne detected suspicious activity on an endpoint device of a Milnsbridge customer. In this particular instance it took only a few milliseconds to install thousands of malicious files; however, SentinelOne detected this in real time and was able to stop and quarantine the attack before it spread. Without SentinelOne it may have taken days to track down and completely clean the affected files. SentinelOne provides a storyboard and transcript of exactly how the attack took place and which files were corrupted on its easy-to-use dashboard interface. Read more about SentinelOne here.

WastedLocker is another example of the highly aggressive ransomware attacks that are constantly being weaponised against small and medium businesses and enterprises. SentinelOne is just one part of Milnsbridge's robust secure operating environment (SOE), designed to minimise downtime and keep customers' data safe.

To find out more about SentinelOne or Managed Security call Milnsbridge IT on 1300 300 293. 
