A new ransomware group called Volcano Demon has been causing trouble for its victims by harassing them over the phone until they pay up. The group has been targeting multiple victims in recent weeks using a new encryptor called LukaLocker. This ransomware group first gains access to the target network, steals sensitive files, encrypts them using LukaLocker, and then demands payment in cryptocurrency for the decryption key.
LukaLocker encrypts files with the .nba extension and can infect both Windows and Linux devices. It is also good at covering its tracks by clearing logs, making it difficult for cybersecurity experts to conduct a thorough investigation. The lack of logging and monitoring solutions in place at the victim’s end further complicates the situation. Additionally, LukaLocker can disable processes associated with popular antivirus and anti-malware software.
Unlike other ransomware groups, Volcano Demon does not have a data leak site. Instead, they contact the victim company’s leadership via phone calls to negotiate payment. These calls come from unidentified numbers and can be intimidating in nature. This approach sets Volcano Demon apart from other ransomware groups that typically rely on data leak sites to pressure victims into paying.
In other tech news, the Indonesian government recently reported a ransomware attack on its national data center but has refused to pay the ransom. For businesses looking to enhance their cybersecurity, TechRadar Pro recommends the best firewalls and endpoint protection tools available in the market today.
Sead, a freelance journalist based in Sarajevo, Bosnia and Herzegovina, specializes in IT, cybersecurity, and data breaches. With over a decade of experience in journalism, Sead has contributed to various media outlets and conducted content writing modules for Represent Communications.
Stay informed with the latest tech news, opinions, features, and guidance for your business by signing up for the TechRadar Pro newsletter.
