Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

WastedLocker Ransomware Hits Boyne Resorts Ski Resort Operator

WastedLocker Ransomware Hits Boyne Resorts Ski Resort Operator

US-based ski and golf resort operator Boyne Resorts has suffered a cyberattack by the WastedLocker operation that has impacted company-wide reservation systems.

Boyne Resorts owns and operates eleven properties located in the USA and Canada and has 11,000 employees. Many of these properties are situated on well-known ski mountains, including Big Sky, Montana, Sugarloaf, Maine, and Brighton, Utah.

Boyne Resorts hit by WastedLocker ransomware

Today, BleepingComputer received an anonymous tip from an alleged Boyne Resorts employee who stated that the company suffered an undisclosed ransomware attack last weekend.

Also Read: The Top 10 Best And Trusted List Of Lawyers In Singapore

We were told that the attack affected their corporate offices and then spread to IT systems of the resorts they operate, forcing them to shut down portions of their network to prevent the ransomware spread.

BleepingComputer has since confirmed with a second source that Boyne Resorts was attacked using the WastedLocker ransomware, the same one used in the attack on Garmin in July.

Due to this attack, it is not possible to book lodging at the resort as the company-wide reservation systems are impacted by the attack, including the online reservation systems at each hotel’s website.

Reservation system outage

BleepingComputer was told that the reservation systems are expected to be down for another couple of days. This attack comes at a bad time for Boyne as people begin to plan potential ski trips for the winter.

As part of this attack, we are told that encrypted files were renamed so that the .easy2lock extension was appended to each file’s name.

BleepingComputer has been able to find a sample of the WastedLocker ransomware uploaded to VirusTotal on October 14th, 2020, that utilizes the .easy2lock extension. Due to its earlier date, we do not believe this is the exact sample used in the attack on Boyne Resorts.

Below is an example ransom note created by this WastedLocker Ransomware variant. This ransom note may not be the same as the one used during Boyne Resort’s attack.

WastedLocker ransomware easy2lock variant

BleepingComputer has contacted Boyne Resorts with further questions about this attack but has not received a reply.

Also Read: The Importance Of Knowing Personal Data Protection Regulations

WastedLocker linked to a US sanctioned hacking group

Security firms attribute WastedLocker to a Russian-based hacking group known as Evil Corp (aka the Dridex gang).

This group has been active since at least 2007 and is known for developing the Dridex malware and a ransomware strain known as BitPaymer.

In December 2019, The U.S. Treasury Department sanctioned Evil Corp for causing more than $100 million in financial damages.

Due to this, it is a tricky situation if Boyne Resorts wanted to pay the ransom as they would potentially violate United States sanctions.

Ransom payments to WastedLocker have become riskier this month, as the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued a warning that organizations making ransom payments face sanctions risks if their actions violate OFAC regulations.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us