New Ransomware Operator Volcano Demon Serving Up LukaLocker

Published 03/07/2024 11:35 · Modified 03/07/2024 11:52

Essential information

Tags
2024-07-03 data theft lukalocker ransomware
Related entities
3 observables, 1 intrusion sets (apt), 14 techniques (mitre), 1 malware

Description

A cybersecurity firm has encountered a new organization, dubbed Volcano Demon, responsible for recent attacks involving an encryptor called . The malware encrypts victims' files with the .nba extension and successfully compromised Windows workstations and servers after harvesting administrative credentials. Prior to encryption, data was exfiltrated for double extortion. The threat actors use phone calls with a threatening tone to extort victims and negotiate ransom payments.

External references