A Tale of Two Ransomware Variants: Two Ends of the Ransomware Attack Spectrum

Stu Sjouwerman | Mar 22, 2021

Ransomware attacks are evolving in much the same way any saturated services market would, with specific targets, extortion techniques, and customer experiences. Two new variants provide some insight into what’s to come.

Security researchers at Trend Micro recently offered a glimpse into how differently ransomware authors are approaching attacks by focusing on just two variants: AlumniLocker and Humble.

AlumniLocker uses malicious PDF attachments within a phishing attack to infiltrate and infect endpoints. Once a system is infected and its data exfiltrated, AlumniLocker threatens to leak the stolen data if a 10-bitcoin ransom (about $571K, presently) is not paid within 48 hours. On the flip side, Humble uses a batch file and a copy of BAT2EXE to infect systems. Once a system is infected, it encrypts files matching 104 filetypes and threatens to rewrite the Master Boot Record after a restart. The ransom? Only $10 per machine.

The two very different approaches provide interesting insight: one thinks they should be going for the big money, while the other is more focused on the almost-guaranteed payoff of just 10 bucks per infected endpoint. What you’re seeing is basic business differentiation.

The one thing they have in common is the need for a user to get involved, either to open the PDF or to launch the script that runs BAT2EXE. So, it’s your users who are the deciding factor in whether you become a victim or not. Those organizations utilizing Security Awareness Training have a much lower threat surface, as we’ve demonstrated that organizations that undergo training for a year reduce the number of clicks on phishing emails by 87.5%!


Ransomware Simulator

Free downloadable software tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

RanSim gives you a quick look at the effectiveness of your existing network protection. RanSim will test 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 25 types of infection scenarios
  • Just download the installer and run it
  • Results in a few minutes!
