In 2019 the government barred negotiation firms from facilitating ransom payments for Evil Corp, they renamed their ransomware operations to different names such as WastedLocker
to circumvent these hurdles. After encrypting user files a file PAYLOADBIN-README.txt
is opened with following text.
The network is LOCKED with PAYLOADBIN ransomware. Don't try to use other software.
For decryption KEY write HERE: #1 firstname.lastname@example.org | #2 email@example.com
All encrypted files are padded with .PAYLOADBIN
PayloadBIN Ransomware Signatures
PayloadBIN Ransomware Download