These two unusual versions of ransomware tell us a lot about how attacks are evolving
#1
Quote: Researchers detail two new types of ransomware - AlumniLocker and Humble. Both are new and have very different ways of doing things, demonstrating the diversity in a space attackers are keen to get involved in.
 
Two newly discovered forms of ransomware with very different traits show just how diverse the world of ransomware has become as more cyber criminals attempt to join in with cyber extortion.
 
Both forms of ransomware emerged in February and have been detailed by cybersecurity researchers at Trend Micro – AlumniLocker and Humble – with the two versions attempting to extort a bitcoin ransom in different ways.
 
AlumniLocker is a variant of Thanos ransomware and immediately stands out for demanding a payment of 10 Bitcoins from the infected victim – a figure currently equivalent to around $450,000.
 
The ransomware is delivered to victims via a malicious PDF attachment claiming to be an invoice which is distributed in phishing emails. The PDF contains a link which will extract a ZIP archive which runs a PowerShell script to drop the payload and execute the ransomware.
 
Like an increasing number of ransomware campaigns, the attackers behind AlumniLocker threaten to publish data stolen from the network of their victim if they're not paid within 48 hours – although given the ransom demand is so large, victims may decide it's too much to pay.
 
The ambitious ransom demand and other inconsistencies in their attack techniques – including how the data leak site doesn't actually work - could indicate that those behind AlumniLocker are probably just starting out.
"It does seem like this might be a new group that does not have experience in successfully ransoming their victims as the ransom demand is much higher than typical. Being that the leak site doesn't work is another example of showing their hand of being newbies." Jon Clay, director of global threat communications at Trend Micro, told ZDNet.
 
Humble ransomware also first appeared during February, but is very different in a number of ways. Firstly, the ransomware is much smaller, demanding just 0.0002 Bitcoins – currently just under $10 – for the return of files, indicating that Humble might be targeting individuals rather than organisations.
 
It's still unknown how exactly Humble is distributed, but researchers note that it's likely to be via phishing attacks.
 
In an effort to push victims towards paying the ransom, Humble threatens the victim by stating that if they restart their system, the Master Boot Record (MBR) will be rewritten, rendering the machine unusable. A second version of Humble carries the same threat, but instead says this will happen if the victim doesn't pay after five days.
 
Humble is unusual for ransomware in being compiled with an executable wrapper (Bat2Exe) in batch file. What's also strange is that it uses Discord – a voice, text and video communications service popular among gamers – to send reports back to its author.
 
Both forms of new ransomware are unusual, but both demonstrate that ransomware continues to be appealing to cyber criminals who see how the top gangs are making so much money, and want to do the same.
 
Organisations can help protect themselves from ransomware attacks with cybersecurity procedures including applying patches and using multi-factor authentication.


Source
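
The two behaviours the article describes, a PDF lure that ends in a PowerShell script and a batch-wrapped binary that reports over Discord, can both be hunted for in endpoint telemetry. The following is an added example, not from the article or from Trend Micro's report; the event layout, the reader and allowlist process names, the `setup.exe` wrapper and all sample events are assumptions constructed for illustration.

```python
from ntpath import basename  # parses Windows paths on any OS
READERS = {"acrord32.exe", "acrobat.exe", "foxitreader.exe"}  # assumed PDF readers
SHELLS = {"powershell.exe", "pwsh.exe"}
DISCORD_OK = {"discord.exe", "chrome.exe", "msedge.exe", "firefox.exe"}  # assumed allowlist
DISCORD_HOSTS = ("discord.com", "discordapp.com", "discord.gg")

# Constructed sample telemetry: PROCS is (pid, parent pid, image), CONNS is (pid, host).
PROCS = [
    (100, 0, r"C:\Windows\explorer.exe"),
    (210, 100, r"C:\Program Files\Adobe\AcroRd32.exe"),
    (220, 210, r"C:\Windows\System32\cmd.exe"),
    (230, 220, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    (300, 100, r"C:\Users\u\Downloads\setup.exe"),  # hypothetical batch-wrapped binary
    (310, 300, r"C:\Windows\System32\cmd.exe"),
    (320, 310, r"C:\Windows\System32\curl.exe"),
    (400, 100, r"C:\Users\u\AppData\Local\Discord\Discord.exe"),
    (500, 100, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
]
CONNS = [(320, "discord.com"), (400, "gateway.discord.gg"), (400, "discord.com")]

def lineage(pid, by_pid):
    """Return image names from pid up to the root; stops on unknown parents or loops."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        ppid, image = by_pid[pid]
        chain.append(basename(image).lower())
        pid = ppid
    return chain

def detect(procs, conns):
    by_pid = {pid: (ppid, image) for pid, ppid, image in procs}
    alerts = []
    for pid in by_pid:
        chain = lineage(pid, by_pid)
        # Rule 1: a PowerShell host with a PDF reader anywhere above it.
        if chain[0] in SHELLS and READERS & set(chain[1:]):
            alerts.append(("reader_to_powershell", pid, " > ".join(reversed(chain))))
    for pid, host in conns:
        host = host.lower()
        if not any(host == h or host.endswith("." + h) for h in DISCORD_HOSTS):
            continue
        chain = lineage(pid, by_pid)
        # Rule 2: Discord traffic from something that is not a client or browser.
        if chain and chain[0] not in DISCORD_OK:
            alerts.append(("non_client_discord", pid, " > ".join(reversed(chain))))
    return alerts

print(detect(PROCS, CONNS))
```

The PowerShell started directly from Explorer (pid 500) and the real Discord client (pid 400) are the negative controls; the lineage string in each alert gives an analyst the launch path to triage.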