Two new ransomware strains, “AlumniLocker” and “Humble,” have researchers on their toes. Highlights the ongoing development and diversification of the more significant ransomware threat and underscores that it will be a significant cause for concern in the years ahead.
Researchers at Trend Micro discovered the two new ransomware strains. In the case of AlumniLocker, it seems to be a new variant of the Thanos ransomware. Although new to the game, it is notable for its exorbitant ransom demands, as high as $450,000, payable in Bitcoin, in one recent successful attack.
This one delivers along fairly conventional means, via a malicious PDF that purports to be an invoice and delivered via phishing emails, hoping to lure unsuspecting victims into opening the file. As is increasingly the case in the world of ransomware attacks, AlumniLockers controllers threaten to publish stolen data if no one meets their demands within 48 hours of the attack.
There are two competing theories about the high ransom AlumniLocker demands: One is that the group behind the new strain isn’t in it for the money as much as the damage the publication of the data may cause. If they get a payout, great. If it proves too high, causing some companies to balk, they get to inflict pain in the form of publication of sensitive and proprietary data.
Another theory for AlumniLocker is that the group is just starting out and still finding its footing. As such, they haven’t yet found the “sweet spot.” A payment demand low enough to be readily accepted by a desperate company but high enough to earn them consistently, easy profits.
This ransomware strain is quite different. Although it distributes in much the same way, their ransom demands are quite low; stunningly low, in some cases as little as $10, again, payable in Bitcoin. This has led researchers to conclude that Humble ransomware strain means to target end-users rather than large organizations. If the hackers shift gears and begin targeting the organization, we should expect to see the ransom amount quite a bit.
Another feature that makes the ransomware strain Humble stand out is that they pressure victims into paying by threatening to rewrite their Master Boot Record, rendering the machine entirely unusable. Also of interest, it utilizes Discord (a voice, text, and video service) to send reports back to its controllers.
If you have yet to encounter either of these new threats, stay tuned. It’s probably just a matter of time, so stay on your guard.