A new ransomware group has been discovered that harasses victims over the phone until they pay up.
a report According to anti-ransomware firm Halycon, Volcano Demon has been targeting “several” targets in recent weeks and has deployed a new encryptor called LukaLocker.
The method is relatively simple: the threat actor first finds a way into the target network, maps it, and then exfiltrates as many sensitive files as possible. They then deploy the encryptor, locking down the files and entire systems, and demanding payment in cryptocurrency in exchange for the decryption key and for keeping the files for themselves.
No data leak site
LukaLocker appends encrypted files with the .nba extension. It works on both Windows and Linux devices, it was said. The encryptor was also relatively good at hiding its tracks. Because it wipes logs before exploitation, cybersecurity researchers cannot perform a full forensic evaluation.
Victims who installed limited logging and monitoring solutions also did not help. Finally, LukaLocker can kill processes associated with most popular antivirus and anti-malware solutions.
While this is all relatively similar to what other ransomware actors do, there is one key difference: Volcano Demon does not have a dedicated site for data breaches. Instead, it calls the victim company’s management to try to negotiate a payment. All calls come from an unidentified caller ID number and, the researchers point out, can be threatening in both tone and expectation.
