Geek's Advice

Boyne Resorts ski resort operator hit by WastedLocker

Boyne Resorts, an owner and operator of 13 10 ski resorts and 11 golf courses in the United States, was reportedly hit by ransomware attack. The owner of resorts situated in popular ski mountains, such as Montana, Big Sky, Maine or Sugarloaf, suffered an attack by WastedLocker, a highly-targeted ransomware virus, the same one who locked the systems of Garmin earlier this year.

The ransomware reportedly infected Boyne Resorts’ corporate offices first, then penetrated into further IT systems that are used to operate the resorts. The company was forced to suspend the work of the networks so that the virus couldn’t spread further.

During the attack, the ransomware encrypted company’s files and appended .easy2lock extension. Although this is unconfirmed, the ransom note left by this WastedLocker virus’ variant in previous attacks typically looked like this:

At the time of writing this article, Boyne Resorts’ Book Lodging site didn’t provide booking functionality and claimed the “booking engine is down for maintenance.”

It is unknown how long the booking function will be unavailable, but the company expects to restore it in the next few days.

The ransomware associated with Russian cybercrime gang

Many security experts claim that WastedLocker ransomware is a creation of a well-known Russian cybercrime gang, namely Evil Corp (also known as Dridex). The cybercriminals’ gang have been active since 2007 or earlier, and are responsible for the Dridex malware creation, Garmin attack and many others.

United States have since sanctioned the leading member of this gang, Maksim Yakubets (who also goes under nickname “Aqua”), and offers a record reward – $5 million for information leading to the arrest and/or conviction of him.

The hacker has a lengthy list of crimes – conspiracy, conspiracy to commit fraud, wire fraud, bank fraud and intentional damage to a computer. However, Maksim seems to be enjoying his life in Russia freely and flashing his expensive lifestyle.

Boyne Resorts is currently in a complicated situation because United States laws’ prohibit ransom payments. By paying to the developers of WastedLocker, the company would also have to face the consequences of breaking the US laws.

Norbert Webb

Norbert Webb is the head of Geek’s Advice team. He is the chief editor of the website who controls the quality of content published. The man also loves reading cybersecurity news, testing new software and sharing his insights on them. Norbert says that following his passion for information technology was one of the best decisions he has ever made. “I don’t feel like working while I’m doing something I love.” However, the geek has other interests, such as snowboarding and traveling.