WastedLocker - Ransomware Monitor

Total Victims

2020-05-01

First Seen

2026-03-06

Last Seen

Known TTPs

2.0d

Avg Delay

Negotiations

ONION URLS

weepangrbqjfsxd2noz4bmolztnqsma3vw4c6qfnbfusadzd2m26emqd.onion

TOOLS

Sliver C2 QBot Chisel MegaSync

FILE EXTENSIONS

.help

ACTIVITY TIMELINE

TOP SECTORS

TOP COUNTRIES

ACTIVITY HEATMAP

Date	Victim Name	Country	Sector	Status
2026-03-06	Grand Global	Korea, Republic of	Education	Published
2026-03-06	Advanced Manufacturing	South Africa	Mining	Published
2026-03-05	Keystone Networks	Brazil	Construction	Published
2026-03-04	Atlantic Holdings	Germany	Telecommunications	Published
2026-02-25	Heritage Associates	Singapore	Transportation	Published
2026-02-05	Capital Inc	Netherlands	Media	Published
2026-01-13	Central Associates	United States	Automotive	Published
2026-01-07	Innovation Partners	United Kingdom	Pharmaceuticals	Published
2021-11-18	Eagle Net Inc.	United Kingdom	Real Estate	Published
2021-11-18	Phoenix Defense LLC	United States	Utilities	Removed
2021-11-11	SolarWave	United States	Media & Entertainment	Published
2021-11-05	Stone Place GmbH	Switzerland	Healthcare	Published
2021-10-12	Excel Works	Venezuela, Bolivarian Republic of	Technology	Published
2021-10-10	Verde Rail	Lithuania	Financial Services	Published
2021-10-03	Star Industries GmbH	Netherlands	Real Estate	Published
2021-10-01	Steel Storage LLC	United States	Manufacturing	Published
2021-09-28	Peak Cast GmbH	United States	Manufacturing	Published
2021-09-23	Southern Info	United States	Education	Published
2021-09-18	Navigator Connect Inc.	France	Retail	Published
2021-09-18	Cross Cloud	Czechia	Healthcare	Published
2021-09-02	Innovative Health LLC	Italy	Retail	Published
2021-08-23	Nova Ware	United States	Manufacturing	Published
2021-08-21	Heritage Tech Ltd	Estonia	Telecommunications	Negotiating
2021-08-21	DiamondPoint	Panama	Transportation	Published
2021-08-11	Universal Engineering Inc.	Indonesia	Manufacturing	Published
2021-07-24	Sunrise Bank LLC	Latvia	Mining	Published
2021-07-19	Keystone Build Inc.	United Kingdom	Healthcare	Published
2021-07-19	Noble Packaging Inc.	Korea, Republic of	Professional Services	Published
2021-07-17	SterlingPharma	Indonesia	Education	Removed
2021-07-13	Lake Vision GmbH	Israel	Legal	Published
2021-07-09	Wind Robotics LLC	United States	Manufacturing	Published
2021-07-07	SolarEnterprises	South Africa	Retail	Removed
2021-07-05	Universal Cast Ltd	Singapore	Financial Services	Removed
2021-06-25	Guardian Transport LLC	Brazil	Technology	Published
2021-06-24	Magna Works GmbH	Slovenia	Energy	Published
2021-06-12	Heritage Web	Canada	Professional Services	Negotiating
2021-06-10	Golden Path Inc.	United States	Pharmaceuticals	Published
2021-05-21	SterlingLegal	United States	Construction	Published
2021-05-17	Eagle Trade Ltd	Canada	Financial Services	Removed
2021-05-13	StrategicRealty	Australia	Healthcare	Removed
2021-05-10	Maple Guard Ltd	United Kingdom	Energy	Published
2021-05-07	ProgressiveHospital	United States	Professional Services	Published
2021-05-03	PatriotSupply	Slovenia	Technology	Removed
2021-04-20	White Trade Ltd	United States	Government	Published
2021-04-15	Meridian Bio Inc.	Luxembourg	Healthcare	Published
2021-04-12	Crown Wellness	Sweden	Technology	Published
2021-04-07	Synergy Media Inc.	Costa Rica	Telecommunications	Published
2021-04-04	SouthPlus	Portugal	Financial Services	Published
2021-03-26	Tri Holdings	Venezuela, Bolivarian Republic of	Energy	Published
2021-03-18	Solar Energy	United States	Retail	Published
2021-03-12	NorthwestHomes	Mexico	Media & Entertainment	Published
2021-03-01	Oak & Horizon Innovations	Malaysia	Retail	Removed
2021-02-23	Palm Energy	Chile	Technology	Published
2021-02-20	VistaCloud	Brazil	Technology	Removed
2021-02-06	HeritagePro	United Kingdom	Manufacturing	Published
2021-01-24	River & Blue Place	Croatia	Construction	Published
2021-01-09	West Comm Inc.	Indonesia	Education	Published
2020-12-25	Heritage Wire Ltd	United States	Technology	Published
2020-12-17	Patriot Auto Inc.	United States	Retail	Published
2020-11-16	Integral Info Inc.	Finland	Insurance	Removed
2020-10-10	NorthwestInfo	Portugal	Retail	Published
2020-10-01	Spring Engineering	United States	Automotive	Published
2020-09-28	Euro & Eagle Electronics	Canada	Manufacturing	Published
2020-09-27	Pioneer Security Inc.	Czechia	Retail	Published
2020-09-13	City Foods GmbH	United Kingdom	Real Estate	Published
2020-08-27	Western & Platinum Industries	Italy	Government	Published
2020-08-23	National Financial LLC	United States	Manufacturing	Published
2020-08-19	River Mobile Inc.	Portugal	Energy	Removed
2020-08-12	Wolf & United Group	Latvia	Media & Entertainment	Removed
2020-08-09	IronData	Finland	Government	Removed
2020-07-27	SynergyBio	Belgium	Telecommunications	Published
2020-07-22	SagePrint	Guatemala	Transportation	Published
2020-07-13	StarData	India	Real Estate	Removed
2020-07-06	Quest Aero GmbH	Belgium	Professional Services	Removed
2020-07-06	Pro & Key Materials	India	Telecommunications	Removed
2020-06-14	Heritage Financial Inc.	Ukraine	Construction	Published
2020-06-13	Delta Express	France	Healthcare	Published
2020-06-13	Innovative Pharma GmbH	Italy	Professional Services	Published
2020-06-03	FrontierAuto	Ecuador	Manufacturing	Removed
2020-05-18	Innovative Connect Ltd	United States	Transportation	Published
2020-05-18	Pulse & Sterling Group	Poland	Technology	Published
2020-05-17	TrustLabs	Croatia	Pharmaceuticals	Removed

No TTPs data

No YARA rules

Type	Value	Description
sha1	47258849114fd01d85e03ca7b21b212d18ec6549	Dropper hash observed in WastedLocker attacks
sha256	9e12fc9368a36ef1c6250df6980f367905937197bb110e444f40023239114ddb	Infrastructure linked to WastedLocker
sha1	3b68b22ceb4dc4a8f5c304ba0fd0ca8937ab60f3	Infrastructure linked to WastedLocker
sha1	3b6aea63996c63fce7355af662667428f3d09b77	Associated with WastedLocker ransomware
ip	85.29.56.110	C2 server IP observed in WastedLocker attacks
sha256	078448b3c0a53e17fb06bb7ea52cc3e4d574cfd3ed67b4ce5f47a735910ec97e	Ransomware binary hash - WastedLocker campaign
md5	6e203942620dd3020bb870b6634fa397	Infrastructure linked to WastedLocker
sha256	1670d444122a460f0d86f12dedc5d7e56caed3190ac391cc7d10cc1aa1246c5c	Ransomware binary hash observed in WastedLocker attacks
email	admin557@tutanota.com	Contact email - WastedLocker campaign

No ransom notes

WastedLocker Active