WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group
ID: a1d22c43-a672-58cf-87bf-d5a5356f8b6e
STIX ID: report--a1d22c43-a672-58cf-87bf-d5a5356f8b6e
Feed Name: Fox-IT blog
This technical report by Fox-IT/NCC Group analyzes WastedLocker, a targeted ransomware variant linked to Evil Corp and active since May 2020. It details attribution, distribution via the SocGholish fake-update framework, custom CobaltStrike loaders and the CryptOne crypter, UAC bypass and privilege escalation techniques, and file-encryption and exclusion behaviors. It also provides extensive IoCs (domains, sample hashes, beacon configs) and a decrypter reference to support detection and response.
