In a shocking new development, a ransomware group named Volcano Demon is harassing its victims with phone scam calls until they pay up. Anti-ransomware company Halycon reports that this group has targeted several organizations recently, using a new encryptor called LukaLocker.
Simple yet effective phone scam method
Volcano Demon’s method is simple yet effective. They infiltrate the target network, map it out, and exfiltrate sensitive files. Then, they deploy LukaLocker to lock down files and entire systems, demanding cryptocurrency payments for the decryption key and to keep the files confidential.
LukaLocker, which adds the .nba extension to encrypted files, operates on both Windows and Linux devices. It clears logs before exploitation, making full forensic evaluations difficult. The encryptor also disables processes linked to popular antivirus and anti-malware solutions.
Unlike other ransomware groups, Volcano Demon does not have a dedicated data leak site. Instead, they call the leadership of the victim company from unidentified numbers, during the phone scam, using threatening tones to negotiate payments. This new tactic of direct harassment is creating panic among victims.
{{user}} {{datetime}}
{{text}}