A new ransomware group has been found harassing its victims on the phone until they pay up.
A report from anti-ransomware firm Halcyon said that Volcano Demon was seen going after “a number of” targets within the last couple of weeks, deploying a new encryptor called LukaLocker.
Its method is relatively simple – the threat actor will first find a way into the target network, map it out, and then exfiltrate as many sensitive files as they can. Then, they will deploy the encryptor, lock down the files and entire systems, and then demand payment in cryptocurrency in exchange for the decryption key, and for keeping the files to themselves.
No data leak site
LukaLocker will add the .nba file extension to encrypted files. It works on both Windows and Linux devices, it was said. The encryptor was also relatively good at hiding its tracks. Since it clears logs prior to exploitation, cybersecurity researchers can’t conduct a full forensic analysis.
The victims having limited logging and monitoring solutions installed didn’t help, either. Finally, LukaLocker can disable the processes linked to most popular antivirus and anti-malware solutions.
While all of this is relatively similar to what other ransomware actors are doing, there is one key difference – Volcano Demon doesn’t have a dedicated data leak site. Instead, it will call the leadership of the victim company on the phone to try to negotiate a payment. All calls come from unidentified caller-ID numbers and can, the researchers stress, be threatening in both tone and expectations.