Cybersecurity researchers at Halcyon AI have raised concerns about a new ransomware group called Volcano Demon, which has been targeting companies in the manufacturing and logistics sectors. Unlike other groups, it has adopted a more direct and intimidating approach to extorting money from its victims.
In the past two weeks, Volcano Demon has successfully attacked several companies, deploying its unique ransomware, named “LukaLocker”, in at least two cases. This ransomware encrypts files with the .nba extension and is designed to avoid detection and analysis, making it a significant threat to organizations.
One of the distinctive tactics used by Volcano Demon is making threatening phone calls to pressure company executives into paying ransoms. According to Halcyon analysts, the group calls its victims very frequently, sometimes daily, using unidentified numbers to add to the intimidation factor.
Before launching its ransomware attacks, Volcano Demon exfiltrates sensitive data to command-and-control servers; the stolen data is then used to coerce victims into complying with the group's demands. The ransom note issued by the attackers warns that if the incident is ignored, confidential data will be made public.
Tracking down Volcano Demon has proven to be a challenge for cybersecurity experts, as the group wipes log files on compromised machines before executing their attacks, making it hard to conduct thorough forensic evaluations. This method hinders efforts to trace their origins and fully understand the extent of their operations.
Adam Pilton, a senior cybersecurity consultant, explained that the element of calling complicates the extortion process due to the unpredictability of the unknown caller ID and calling instances. While this makes negotiations costly for victims, it also provides potential leads for law enforcement to follow.
Pilton highlighted the value of voice data and background noise in tracing the attackers, which could assist in identifying and apprehending them. The use of phone calls by Volcano Demon adds a new layer of complexity to the ransomware landscape, making it essential for companies to enhance their cybersecurity measures to protect against such threats.
In conclusion, the emergence of Volcano Demon and their use of threatening phone calls to pressure victims represent a new and concerning trend in ransomware attacks. Organizations must remain vigilant and implement robust cybersecurity protocols to safeguard their data and infrastructure from such malicious actors.

