Ransomware Research
WastedLocker Ransomware
WastedLocker is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on May 1, 2020, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: Wasted, Launchy, BinADS, BinLocker, Easy2lock, Hades, SecCrypt, Phoenix Cryptolocker, PayloadBin, Macaw.
Quick Facts
- Ransomware Family
- WastedLocker
- First Seen
- May 1, 2020
- Known Aliases
- WastedLaunchyBinADSBinLockerEasy2lockHadesSecCryptPhoenix CryptolockerPayloadBinMacaw
How WastedLocker Ransomware Works
File Encryption Patterns
WastedLocker modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
./\.[a-z]{1,3}wasted$/..easy2lock..seccrypt..phoenix..saverswasted..PAYLOADBINRansom Note and Payment Demands
After encrypting files, WastedLocker displays ransom notes demanding payment for file recovery:
{origin_filename}/\.[a-z]{1,3}wasted_info$/Ransom message:
notes/PDF2.pdf.rlhwasted_info
Note locations:
EveryFile{origin_filename}.howto_seccryptRansom message:
notes/UseTrace.mpeg.howto_seccrypt
Note locations:
EveryFilePHOENIX-HELP.txtRansom message:
notes/PHOENIX-HELP.txt
Note locations:
EveryFolderPAYLOADBIN-README.txtRansom message:
notes/PAYLOADBIN-README.txt
Note locations:
EveryFoldermacaw_recover.txtTechnical Indicators
Associated Executable Files
The following executable files are associated with WastedLocker ransomware:
Installers.exedwZCHdCcZHBowra.exeLaunchy.exewastedlocker.exePc.exehDdUpFYLDLABpabgy.exeIndex:binIndex.exe_003E0000.exe_003E0000.mem.exeWinresume:binUsbflags:binSecure.exeFAYdwenH0KOcGEz.exeCIXFBHohRPMTfDVPR3nQ.exe0n89oqeLCGWFFZyF.exe8EKWXCJaKFbN56EM.exe892069.exeMsdtc.exemobile:binmui:binname:binMode:binWcncsvc:binBackup.exene06WugPCuismU79fao3caw9rUyMt.exempzAnlO5i8Ff5bpYbmbNrPfvq.exeWastedLocker.exe好用一键重装系统工具绿色版2.5.6.exeEls.exemRCYdBxcmcvsh961zaK.exe720508.exeznb.exeDiagnostics.exe712597.exeScsi:binStorage:binStorage.exefile.exeMpdev:binDevice.exeUsbstor.exeservice:binvideo:binrhd03._xeOptions:binFile:binBit:binUsbstor:binProvider.exeEarly:binServer:binlv3xyhnsiYEddJu.exeContainer:binDemo:binLEyeONORtVGKki0XHNA.exeArbiters:binInstallers:binContent:binList:binIpmi:binSam:binDatabase:binProvision:binSnmp:binPriority:binEvents:binSystem:binZone:binNsi:binNode:binNetwork:binF79}:binSettings:binGlob:binRemote:binGraphics:binNotifications:binCi:binWasted[1].exeTime:binD80:binKeyboard:binMedia:binWmi:binProperties:binSetup2:binDevice:binWasted.exeSession.exePower:binGuard.exeGuard:binwasted.exeAcpi:binAcpi.exegarmin.exeEarly.exeProperties.exeServer.exeWastedLocker_2020_07.binHivelist.exeInterfaces.exefyul.exewinresume:binsample.exePort.exeinterfaces.exeDrivers.exepcw:bino.exeid:bincomputer:binservers:bindiagnostics:bin1111.exeEls:binF-97:binWin:binBackup:binCi.exeidconfig:binpipe:binarbiters:binRansomware.binLibraryPhoenixLocker Ransomware.exeControl.exeOdbcLicensingdrawAccountsControlOffice1.exeFrameworkVideo.exewsqmcons.exeaccesscmgasd.exe
Elastio Can Help You
Don't let WastedLocker ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This WastedLocker ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like WastedLocker.
Last updated: October 30, 2025
Recent Ransomware
Explore other threats in our database