According to cybersecurity researchers at Halcyon AI, the new Volcano Demon ransomware gang calls its victims “very frequently, almost daily in some cases.” (adsbygoogle = window.adsbygoogle || []).
push({}); A new and particularly menacing ransomware group known as “ Volcano Demon “ has surfaced, causing alarm across manufacturing and logistics industries. This group has deviated from the usual ransomware playbook , opting for a more direct and intimidating method to coerce their victims. Over the past two weeks, “ Volcano Demon “ has successfully targeted several companies, deploying their unique ransomware called “LukaLocker” in at least 2 cases.
This malicious software encrypts files with the .nba extension and is designed to evade detection and analysis, making it a formidable threat. According to cybersecurity firm Halcyon, What makes “ Volcano Demon “ stand out is their use of phone calls to pressure company executives into paying ransoms.
Instead of the typical data leak sites, they rely on frequent, threatening calls from unidentified numbers. Tim West, an analyst at Halcyon, shed light on this unsettling tactic. “They call very frequently, almost daily in some cases,” he said.
Before launching their ransomware attacks, Volcano Demon infiltrates sensitive data to command-and-control (C2) servers. This stolen data is used as leverage to pressure victims into complying with their demands. The ransom note left by the attackers is blunt and threate.
