What are the most dangerous crypto ransomware?

While interconnectivity turns the world into a global Bitcoin Era village, cyber attacks are predictably on the rise. According to the data reported, the last months of last year saw a peak in the average amount of payments made to hackers responsible for ransomware attacks. Several organizations have been forced to pay millions of dollars to recover their files, taken hostage by the attackers.

In addition to the fact that the current pandemic has left many individuals and companies vulnerable to attacks, the notion that cryptocurrency is an anonymous and untraceable payment method has led many hackers to demand ransoms in Bitcoin (BTC) and other altcoins.

A report published on June 23 by the computer security agency Fox-IT unveiled a group of hackers called Evil Corp, author of a series of new ransomware that forces victims to pay a million dollars in Bitcoin.

The report also reveals that groups like Evil Corp create ransomware that targets database services, cloud environments and file servers with the goal of disabling or compromising a company’s infrastructure backup applications. On June 28, Symantec, the IT security agency, said it blocked a ransomware attack by Evil Corp that targeted about 30 U.S. companies requesting payment in Bitcoin.

These attempted attacks are only the most recent examples of the growing threat posed by ransomware attacks. Below are some of the most malicious programs that require payment in crypto.


WastedLocker is the latest ransomware created by Evil Corp, a group active since 2007 and considered one of the most dangerous cybercrime collectives. After the indictment of two alleged members of the group, Igor Turashev and Maksim Yakubets, in relation to the banking trojans Bugat/Dridex and Zeus, Evil Corp seems to have reduced its activities.

However, researchers now believe that in May 2020 the group resumed the attacks with its most recent creation, the WastedLocker malware. The name is due to the filename created by the program, which adds an abbreviation of the victim’s name to the word „wasted.

By disabling and compromising backup applications, database services and cloud environments, WastedLocker prevents its victims from recovering their files for a longer period of time, even if they have an offline backup configuration. In cases where a company does not have offline backup systems, recovery can be prevented indefinitely.

However, researchers point out that, unlike other hackers who use ransomware to spread the victim’s information, Evil Corp has never threatened to publish such information so as not to draw public attention to itself.