Two newly discovered forms of ransomware – AlumniLocker and Humble – have been detected. These ransomware have very different traits and both attempt to extort a bitcoin ransom in different ways. The ransomware is delivered to victims via a malicious PDF attachment claiming to be an invoice that is distributed in phishing emails. The PDF contains a link that will extract a ZIP archive that runs a PowerShell script to drop the payload and execute the ransomware.
Like an increasing number of ransomware campaigns, the attackers behind AlumniLocker threaten to publish data stolen from the network of their victim if they’re not paid within 48 hours – although given the ransom demand is so large, victims may decide it’s too much to pay. Humble is unusual for ransomware in that it is compiled with an executable wrapper (Bat2Exe) in batch file. What’s also strange is that it uses Discord – a voice, text and video communications service popular among gamers – to send reports back to its author.