A Tale of Two Ransomware Variants: Two Ends of the Ransomware Attack Spectrum



Tale of Two Ransomware VariantsRansomware attacks are evolving much in the same way any saturated services market would, with specific targets, extortion techniques used, and customer experiences. Two new variants provide some insight of what’s to come.

Security researchers at Trend Micro recently offered a glimpse into the current varying state of just how ransomware authors are thinking about approaching attacks by focusing in on just two: AlumniLocker and Humble.

AlumniLocker uses malicious PDF attachments within a phishing attack to infiltrate and infect endpoints. Once infected and data is exfiltrated, AlumniLocker threatens to leak stolen data if a 10-bitcoin ransom (about $571K, presently) is not paid within 48 hours. On the flip side, Humble uses a batch file and a copy of BAT2EXE to infect systems. Once infected, it encrypts files matching 104 filetypes and threatens to rewrite the Master Boot Record after a restart. The ransom? Only $10 per machine.

The two very different approaches providing interesting insight – one thinks they should be going for the big money while the other is more focused on the almost-guaranteed payoff of just 10 bucks per infected endpoint. What you’re seeing is basic business differentiation.

The one thing they have in common is the need for a user to get involved to open the PDF or launch the script that runs BAT2EXE. So, it’s your users that are the deciding point of whether you become a victim or not. Those organizations utilizing Security Awareness Training have a much lower threat surface, as we’ve demonstrated that organizations that undergo training for a year reduce the number of clicks on phishing emails by 87.5%!


Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

RansIm-Monitor3Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 25 types of infection scenarios
  • Just download the install and run it 
  • Results in a few minutes!

Get RanSim!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/ransomware-simulator

Topics: Ransomware



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews