A new ransomware group has been discovered harassing its victims on the phone until they pay up.
A report from anti-ransomware company, Halycon said that Volcano Demon was seen going after “several” targets in the last couple of weeks, deploying a new encryptor called LukaLocker.
Its methodis relatively simple – the threat actor will first find a way into the target network, map it out, and then exfiltrate as many sensitive files as they can. Then, they will deploy the encryptor, lock down the files and entire systems, and then demand payment in cryptocurrency in exchange for the decryption key, and for keeping the files for themselves.
No data leak site
LukaLocker will add encrypted files the .nba file extension. It works on both Windows and Linux devices, it was said. The encryptor was also relatively good at hiding its tracks. Since it clears logs prior to exploitation, cybersecurity researchers cannot conduct a full forensic evaluation.
The victims having limited logging and monitoring solutions installed didn’t help, either. Finally, LukaLocker can disable the processes linked to most popular antivirus and anti-malware solutions.
While all of this is relatively similar to what other ransomware actors are doing, there is one key difference – Volcano Demon does not have a dedicated data leak site. Instead, it will call the leadership of the victim company on the phone to try and negotiate a payment. All calls come from an unidentified caller-ID numbers and can, the researchers stress, be threatening in both tone and expectations.
+ There are no comments
Add yours