Recently, researchers have discovered two new ransomware strains, dubbed “AlumniLocker” and “Humble”, both of which have very different ways of doing what they do.
This highlights the ongoing development and diversification of the larger ransomware threat and underscores the fact that it will be a major cause for concern in the years ahead.
Both new strains were discovered by researchers at Trend Micro. In the case of AlumniLocker, it seems to be a new variant of the Thanos ransomware. Although new to the game, is notable for its exorbitant ransom demands, as high as $450,000, payable in Bitcoin, in one recent successful attack.
This one is delivered along fairly conventional means, via a malicious PDF that purports to be an invoice and delivered via phishing emails, hoping to lure unsuspecting victims into opening the file. As is increasingly the case in the world of ransomware attacks, AlumniLockers controllers threaten to publish stolen data if their demands are not met within 48 hours of the attack.
There are two competing theories about the high ransom demands: One is that the group behind the new strain isn’t in it for the money as much as they are the damage that publication of the data may cause. If they get a payout, great. If it proves too high, causing some companies to balk, then they get to inflict pain in the form of publication of sensitive and proprietary data.
Another theory is that the group is just starting out and still finding their footing. As such, they haven’t yet found the “sweet spot.” A payment demand low enough to be readily accepted by a desperate company but high enough to earn them consistent, easy profits.
This one is quite different. Although it is distributed in much the same way, their ransom demands are quite low; stunningly low in fact, in some cases as little as $10, again, payable in Bitcoin. This has led researchers to conclude that Humble is meant to target end users, rather than large organizations, or, if the hackers shift gears and begin targeting organization, we should expect to see the amount of the ransom increase quite a bit.
Another feature that makes Humble stand out is that they pressure victims into paying by threatening to rewrite their Master Boot Record, rendering the machine entirely unusable. Also of interest, it utilizes Discord (a voice, text and video service) to send reports back to its controllers.
If you have yet to encounter either of these new threats, stay tuned. It’s probably just a matter of time, so stay on your guard.