Recently, ransomware attacks have been observed that reportedly already exploited more than 31 companies, with 8 of the victims being Fortune 500 companies. These highly targeted campaigns distribute the WastedLocker ransomware. The WastedLocker ransomware is a relatively new malicious payload used by the high-profile EvilCorp MTA, which previously used the Dridex trojan to deploy BitPaymer ransomware in attacks targeting government organizations and enterprises in the United States and Europe. This MTA currently focuses on targeted “big game hunting” (BGH) ransomware attacks with multiple industry victims in recent months, with Garmin as one of the latest high-profile victims attacked (officially confirmed by Garmin on July 27). The most recent ransom amount demanded was US$10M and appears to be based on the victim’s financial data. Based on the available details, the ransom was likely paid. To date, this MTA appears to have been using a mono-extortion scheme (data encryption only, with no or minimal data leakage) vs. other MTAs who use the threat of leaking a victim’s data as part of a double-extortion scheme (such as, e.g. Netwalker, Maze, and others).