AlumniLocker Ransomware

The AlumniLocker Ransomware is a file-locking Trojan that blocks the user's digital media by encrypting each file. It demands a notably expensive ransom for any recovery help and uses techniques typical of attacks against business entities. Users should keep their anti-malware services available for deleting the AlumniLocker Ransomware, back up their work for recovery, and watch for possible signs of e-mail phishing attacks.

A Threat Actor's High Expectations for a Trojan Project

Extortion through Trojans and their data-sabotaging attacks might be commonplace in 2021, but not every Trojan handles its victims the same way. Some threat actors might content themselves with affordable ransoms, while others, like the AlumniLocker Ransomware, expect enormous ones. The AlumniLocker Ransomware plays host to one of the most expensive data-extortion schemes that malware experts can recall, at almost half a million dollars for unlocking the files.

The infection vector for the AlumniLocker Ransomware is a highly typical part of the Trojan's campaign. It targets business entities with e-mail tactics that include fake invoice attachments. The attached PDF loads a script-abusing ZIP archive that installs the file-locker Trojan. Once installed, the AlumniLocker Ransomware starts encrypting and locking files, such as most documents, databases, pictures and spreadsheets.

The AlumniLocker Ransomware drops a ransom note with its costly demands for restoring the files, along with a threat that the attackers may leak the data, meant to bully victims into paying. However, since the AlumniLocker Ransomware's ransom is 450,000 USD, far more costly than that of, for instance, the AES-Matrix Ransomware, the Dharma Ransomware, or other comparable Trojans, businesses might not have a choice but to reject it, regardless of the risk.

Knocking the AlumniLocker Ransomware Off its Financial High Horse

The AlumniLocker Ransomware has more money at stake than most members of its apparent family (see also: the Thanos Ransomware, the Deal_for_access Ransomware, the Hakbit Ransomware, and the Quimera Ransomware) but isn't necessarily any stealthier. Most Windows users should be capable of spotting fake invoice e-mail attachments and avoiding unsafe interactions with them. As additional precautions, malware experts recommend that users scan all downloads, install all PDF Reader and Office updates, and disable macros.

Backups are also potent against file-locking Trojans because they remove the Trojan's initial leverage: denying businesses and home users access to crucial files. However, the AlumniLocker Ransomware, like the NEFILIM Ransomware, the AES-Matrix Ransomware, and others before them, also carries the risk of leaking data to the public. Although its data-leaking website currently is non-functional, its encryption routine can block the user's files as intended.

The AlumniLocker Ransomware's family is well-known to most AV vendors, whose databases can detect new versions of the threat without issues. Any credible anti-malware utility should detect and delete the AlumniLocker Ransomware, along with the threatening attachment.

The AlumniLocker Ransomware is going to have a difficult time making good on its expectations for money. Whether victims pay or not, their files take the same injuries either way, assuming that a worker is rash enough to open a hopefully unconvincing invoice in the first place.
