Trend Micro researchers have released details of two new strains of ransomware they are currently following. The first has been named AlumniLocker and was released in February. The current ransom amount is 10 Bitcoins, or approximately $450,000 to $500,000 USD. The ransomware is delivered through phishing emails carrying PDF attachments that claim to be invoices. The PDF contains a link to download a ZIP archive, which in turn contains a PowerShell script that deploys the payload. The ransomware warns the victim that if they do not pay the ransom within 48 hours, their stolen data will be leaked on the threat group’s website, as many other ransomware operators have been doing. Researchers state that the inconsistency in the attack techniques and the fact that the leak website is not functioning properly are a strong indication that the threat actors are just starting out. AlumniLocker is a variant of the Thanos ransomware.
The second ransomware outlined in the report was dubbed Humble. Humble differs from AlumniLocker in that it is likely being used to target individuals rather than companies. The current ransom amount is just 0.0002 Bitcoins, or about $10. The distribution method is unknown at this time, but it is likely being distributed through phishing emails to individuals. The threat actor warns in the ransom note that if the victim attempts to restart their system, the Master Boot Record (MBR) will be rewritten, rendering the computer useless. The same threat is made if the ransom is not paid within five days of the infection beginning. Humble is compiled with an executable wrapper (Bat2Exe) in a batch file, which makes it unique. The author also uses Discord to send reports back to themselves.