New Ransomware Group "Volcano Demon" Harassing Victims by Phone

A new ransomware group named Volcano Demon has recently been discovered by cybersecurity experts, and they have a unique tactic for extorting money from their victims. Unlike other ransomware groups, Volcano Demon is known to harass their victims over the phone until they receive the ransom payment.

How Volcano Demon Operates

The group's strategy is to gain access to the target's network, map it out, and then steal sensitive files. They use an encryptor known as LukaLocker to lock down the files and entire systems. The victims are then demanded to pay a ransom in cryptocurrency to receive the decryption key and prevent the group from distributing their files. The LukaLocker adds a .nba file extension to encrypted files and is adept at covering its tracks by clearing logs before exploitation.

One of the challenges faced by the victims is that the LukaLocker can disable processes related to most popular antivirus and anti-malware solutions, making it more difficult to detect and remove. Furthermore, many victims have limited logging and monitoring solutions installed, exacerbating the issue.

Volcano Demon's Unique Ransom Demand Method

What sets Volcano Demon apart from other ransomware actors is the absence of a dedicated data leak site. Instead, the group makes phone calls to the leadership of the victim company, often from unidentified numbers, and attempts to negotiate a payment. These calls can be threatening in tone and carry aggressive demands.

As ransomware attacks continue to plague businesses and individuals, it's important to stay vigilant and maintain robust cybersecurity measures to protect against such threats. Remember to back up your data regularly, keep your security software up-to-date, and be cautious with suspicious emails and links.

Whether dealing with Volcano Demon or any other cyber threat, it's crucial to have a solid defense plan in place to minimize the risks of falling victim to ransomware.