Trend Micro researchers have released the details of two new strains of ransomware they are currently following. The first ransomware has been named AlumniLocker and was released in February. The current ransom amount is 10 Bitcoins, or approximately $450,000 to $500,000 USD. The ransomware is delivered to its victims through PDF file attachments claiming to be invoices, which are sent through phishing emails. The PDF contains a link to download a ZIP archive which contains a PowerShell script to deploy the payload. The ransomware warns the victim that if they do not pay the ransom within 48 hours their stolen data will be leaked on the threat group’s website like many other ransomware operators have been doing. Researchers state the inconsistency in the attack techniques and fact that their leak website is not functioning properly is a strong indication that the threat actors are just starting out. AlumniLocker is a variant of the Thanos Ransomware.
The second ransomware that was outlined in the report was dubbed Humble. The Humble ransomware is different from AlumniLocker, as it likely is being used to target individuals rather than companies. The current ransom amount is just .0002 Bitcoins, or about $10. The distribution style is unknown at this time, but it is likely being distributed through phishing emails to individuals. The threat actor warns in their ransom note that if the victim attempts to restart their system, the Master Boot Record (MBR) will be re-written rendering the computer useless. This same threat is made if the ransom is not paid within five days of the infection beginning. Humble is compiled with an executable wrapper (Bat2Exe) in a batch file, which makes it unique. The author also uses Discord to send reports back to themselves.
Analyst Notes
Both of these new ransomware types are unique in their way. Humble is an example that ransomware can affect individuals and not just large corporations. People need to be vigilant when going through their email, whether it is at work or home. Binary Defense suggests pairing anti-virus solutions with Endpoint Detection and Response (EDR) and a continuous monitoring and response service such as the managed security service that is offered at Binary Defense. This along with other measures like employing phishing training and awareness can give organizations the best chance at defending their data. Having a regular backup schedule and disaster recovery plan are both important for organizations to get back to full operation quickly if an attack occurs. Individuals should also keep their personal computers backed up at home in case of ransomware finding its way onto those machines.
More can be read here: https://www.zdnet.com/article/these-two-unusual-versions-of-ransomware-tell-us-a-lot-about-how-attacks-are-evolving/
