WastedLocker Ransomware
WastedLocker is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on May 1, 2020, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: Wasted, Launchy, BinADS, BinLocker, Easy2lock, Hades, SecCrypt, Phoenix Cryptolocker, PayloadBin, Macaw.
Quick Facts
- Ransomware Family: WastedLocker
- First Seen: May 1, 2020
- Known Aliases: Wasted, Launchy, BinADS, BinLocker, Easy2lock, Hades, SecCrypt, Phoenix Cryptolocker, PayloadBin, Macaw
How WastedLocker Ransomware Works
Targeted Files
https://www.bleepingcomputer.com/news/security/insurance-giant-cna-hit-by-new-phoenix-cryptolocker-ransomware/
https://www.joesandbox.com/analysis/430001/0/html
File Encryption Patterns
WastedLocker modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
- /\.[a-z]{1,3}wasted$/
- .easy2lock
- .seccrypt
- .phoenix
- .saverswasted
- .PAYLOADBIN
Ransom Note and Payment Demands
After encrypting files, WastedLocker displays ransom notes demanding payment for file recovery:
{origin_filename}/\.[a-z]{1,3}wasted_info$/
- Ransom message: notes/PDF2.pdf.rlhwasted_info
- Note locations: EveryFile
{origin_filename}.howto_seccrypt
- Ransom message: notes/UseTrace.mpeg.howto_seccrypt
- Note locations: EveryFile
PHOENIX-HELP.txt
- Ransom message: notes/PHOENIX-HELP.txt
- Note locations: EveryFolder
PAYLOADBIN-README.txt
- Ransom message: notes/PAYLOADBIN-README.txt
- Note locations: EveryFolder
macaw_recover.txt
Technical Indicators
Associated Executable Files
The following executable files are associated with WastedLocker ransomware:
About This Analysis
This WastedLocker ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like WastedLocker.
Last updated: July 30, 2025