December 9, 2023

Two newly discovered forms of ransomware with very different traits show just how diverse the world of ransomware has become as more cyber criminals attempt to join in with cyber extortion: AlumniLocker and Humble, both of which demand a Bitcoin ransom.

AlumniLocker is a variant of Thanos ransomware and immediately stands out for demanding a payment of 10 Bitcoins from the infected victim – a figure currently equivalent to around $450,000.

The ransomware is delivered to victims via a malicious PDF attachment, claiming to be an invoice, which is distributed in phishing emails. The PDF contains a link that extracts a ZIP archive, which runs a PowerShell script to drop the payload and execute the ransomware. The attackers threaten to publish the victim's data if the ransom is not paid. However, their data leak site doesn't work, which indicates that they are just starting out.

Humble ransomware also first appeared during February, but is very different in a number of ways. Firstly, the ransom is much smaller: it demands just 0.0002 Bitcoins – currently just under $10 – for the return of files, indicating that Humble might be targeting individuals rather than organisations.

It’s still unknown how exactly Humble is distributed, but researchers note that it’s likely to be via phishing attacks.

In an effort to push victims towards paying the ransom, Humble threatens the victim by stating that if they restart their system, the Master Boot Record (MBR) will be rewritten, rendering the machine unusable. A second version of Humble carries the same threat, but instead says this will happen if the victim doesn’t pay after five days.

Humble is unusual for ransomware in that it is a batch file compiled with an executable wrapper (Bat2Exe). What’s also strange is that it uses Discord – a voice, text and video communications service popular among gamers – to send reports back to its author.
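As an added example, not part of the original article: a detection for the Discord reporting channel described above, run over constructed proxy records. It assumes the reports go out through Discord's webhook API (the article says only that Discord is used); the log layout, host names, process names and approved list are hypothetical.

```python
import csv
import io
import ntpath
import re
from urllib.parse import urlsplit

# Constructed process-attributed proxy records (hypothetical layout, not real telemetry).
SAMPLE_LOG = r"""time,host,image,method,url
2023-01-10T10:01:02Z,WS-014,C:\Users\amy\AppData\Local\Discord\Discord.exe,POST,https://discord.com/api/v9/channels/111/messages
2023-01-10T10:03:40Z,WS-022,C:\Users\bob\AppData\Local\Temp\invoice.exe,POST,https://discord.com/api/webhooks/000000000000000000/CONSTRUCTED_TOKEN
2023-01-10T10:05:11Z,SRV-003,C:\Program Files\Monitoring\alertbot.exe,POST,https://discord.com/api/webhooks/000000000000000001/CONSTRUCTED_TOKEN
2023-01-10T10:07:55Z,WS-031,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,POST,https://canary.discord.com/api/v10/webhooks/000000000000000002/CONSTRUCTED_TOKEN
2023-01-10T10:09:30Z,WS-040,C:\Program Files\Google\Chrome\Application\chrome.exe,POST,https://discord.com.example.net/api/webhooks/1/x
"""

# Assumption: the only software in this environment approved to post to Discord webhooks.
APPROVED_IMAGES = {"alertbot.exe"}
# Webhook endpoint, with or without an API version segment (/api/v10/webhooks/<id>/...).
WEBHOOK_PATH = re.compile(r"^/api/(?:v\d+/)?webhooks/\d+/", re.IGNORECASE)


def is_discord_webhook(url):
    """True only for webhook paths on discord.com / discordapp.com or their subdomains."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    on_discord = any(host == d or host.endswith("." + d)
                     for d in ("discord.com", "discordapp.com"))
    return on_discord and bool(WEBHOOK_PATH.match(parts.path))


def find_unapproved_webhook_posts(log_text, approved=APPROVED_IMAGES):
    """Return (host, process) for each webhook POST made by a process not on the approved list."""
    hits = []
    for row in csv.DictReader(io.StringIO(log_text)):
        image = ntpath.basename(row["image"]).lower()
        if (row["method"].upper() == "POST" and is_discord_webhook(row["url"])
                and image not in approved):
            hits.append((row["host"], image))
    return hits


if __name__ == "__main__":
    for host, image in find_unapproved_webhook_posts(SAMPLE_LOG):
        print(f"ALERT {host}: {image} posted to a Discord webhook")
```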

Both forms of new ransomware are unusual, but both demonstrate that ransomware continues to be appealing to cyber criminals who see how the top gangs are making so much money, and want to do the same.

Organisations can help protect themselves from ransomware attacks with cybersecurity procedures including applying patches and using multi-factor authentication.
