Detection of two unusual ransomware strains shows that the ransomware world has diversified
This comes as both the number of ransomware gangs and the number of recorded ransomware attacks keep growing.
The two new strains, AlumniLocker and Humble, appeared around February and were spotted by cybersecurity researchers at Trend Micro. Notably, the two go after victims' data in different ways, even though both are after Bitcoin.
After in-depth analysis, the researchers found that AlumniLocker is a variant of the Thanos ransomware. As soon as the target's data is encrypted, it demands a ransom of 10 Bitcoin in exchange for the decryption key - about 450,000 USD currently.
This ransomware is usually delivered through a malicious PDF attachment, disguised as a valid invoice, in phishing emails. The PDF contains a link that extracts a ZIP file, which in turn runs a PowerShell script that triggers the payload and executes the ransomware.
Like a growing number of ransomware campaigns, the attackers behind AlumniLocker threaten to release data stolen from victims if the ransom is not paid within 48 hours. In practice, though, the ransom is so large that it may be beyond the victim's ability to pay.
AlumniLocker's 'ambitious' ransom demand and other inconsistencies in the operation - including the fact that the website meant to disclose stolen data doesn't actually work - may indicate that the people behind the malicious code are most likely 'novices' who have only just moved into ransomware.
'It seems that this could be a new group of hackers, not experienced in optimizing the effectiveness of attacks, because the ransom is much higher than usual. In addition, the inactive leak website is another example that this is a new hacker group,' said Jon Clay, senior security engineer at Trend Micro.
The second new ransomware strain, Humble, also made its debut in February, and it works in a completely different way. First, Humble demands a much smaller ransom than AlumniLocker, at just 0.0002 Bitcoin - less than $10 at current rates. This suggests that Humble may be targeting individuals rather than organizations, the more common target in the ransomware world.
It is not known exactly how Humble is distributed, but researchers note that the malware is most likely delivered via phishing attacks.
To push the victim into paying the ransom, Humble threatens that if they reboot their system, the Master Boot Record (MBR) will be rewritten, making the computer unusable.
Humble is an unusual ransomware strain because it is a batch file compiled with an executable wrapper (Bat2Exe). Odder still, it uses Discord - a voice, text, and video communication service popular among gamers - to send reports back to the operators behind it.
Both of these new ransomware strains are unusual, but both are a reminder that ransomware continues to be the 'promised land' for cybercriminals, where pocketing large amounts of illegal money is easier than ever.