Hacking

Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware

The systems at the US-based ski and golf resort operator were infected with the WastedLocker ransomware, the incident impacted reservation systems.

Boyne Resorts is a collection of mountain and lakeside resorts, ski areas, and attractions spanning from British Columbia to Maine.  The company owns and operates eleven properties and an outdoor lifestyle equipment/apparel retail division with stores in cities throughout Michigan.  An industry leader in multiple U.S. regions, operations include snowsports and year-round mountain recreation, golf, an indoor waterpark, spas, food and beverage, lodging and real estate development.

Boyne Resorts was the victim of WastedLocker ransomware attack, the incident has impacted reservation systems.

According to BleepingComputer, the ransomware initially breached the corporate offices and then moved laterally targeting the IT systems of the resorts they operate. As result of the attack the company was forced to shut down portions of its network to prevent the ransomware from spreading.

Customers of the company were not able to make reservations at the resorts operated by the company. .

The ransomware encrypted files and renamed their filenames by adding the “.easy2lock” extension, this extension was previously associated with recent WastedLocker ransomware infections.

In July, Smartwatch and wearable device maker Garmin had to shut down some of its connected services and call centers following a WastedLocker Ransomware attack.

In June, security experts from Symantec reported that at least 31 organizations in the United States have been targeted with the recently discovered WastedLocker ransomware.

Researchers from the NCC Group’s report and later Symantec confirmed that malware was developed by the Russian cybercrime crew known as Evil Corp, which was behind the Dridex Trojan, and multiple ransomware like Locky , Bart, Jaff, and BitPaymer.

Most of the victims belong to the manufacturing industry, followed by IT and media and telecommunications sectors.

This group has been active since at least 2007, in December 2019, the U.S. Treasury Department imposed sanctioned on Evil Corp for causing more than $100 million in financial damages.

The U.S. Department of Justice (DoJ) has charged Russian citizens Maksim V. (32) and Igor Turashev (38) for distributing the infamous Dridex banking Trojan, and for their involvement in international bank fraud and computer hacking schemes.

Ransom payments to WastedLocker is not allowed by US authorities, this means that Boyne Resorts could face severe sanctions if it will pay the ransom.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, WastedLocker)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Operation RapTor led to the arrest of 270 dark web vendors and buyers

Law enforcement operation codenamed 'Operation RapTor' led to the arrest of 270 dark web vendors…

12 hours ago

Chinese threat actors exploited Trimble Cityworks flaw to breach U.S. local government networks

A Chinese threat actor, tracked as UAT-6382, exploited a patched Trimble Cityworks flaw to deploy…

15 hours ago

U.S. CISA adds a Samsung MagicINFO 9 Server flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Samsung MagicINFO 9 Server vulnerability to its…

24 hours ago

New Signal update stops Windows from capturing user chats

Signal implements new screen security on Windows 11, blocking screenshots by default to protect user…

1 day ago

Law enforcement dismantled the infrastructure behind Lumma Stealer MaaS

Microsoft found 394,000 Windows systems talking to Lumma stealer controllers, a victim pool that included…

2 days ago

Russia-linked APT28 targets western logistics entities and technology firms

CISA warns Russia-linked group APT28 is targeting Western logistics and tech firms aiding Ukraine, posing…

2 days ago