This new ransomware scam will hassle you with phone calls until you pay up
Victims threatened with repeated phone calls
A new ransomware group has been discovered harassing its victims on the phone until they pay up.
A report from anti-ransomware company, Halycon said that Volcano Demon was seen going after “several” targets in the last couple of weeks, deploying a new encryptor called LukaLocker.
Its methodis relatively simple - the threat actor will first find a way into the target network, map it out, and then exfiltrate as many sensitive files as they can. Then, they will deploy the encryptor, lock down the files and entire systems, and then demand payment in cryptocurrency in exchange for the decryption key, and for keeping the files for themselves.
No data leak site
LukaLocker will add encrypted files the .nba file extension. It works on both Windows and Linux devices, it was said. The encryptor was also relatively good at hiding its tracks. Since it clears logs prior to exploitation, cybersecurity researchers cannot conduct a full forensic evaluation.
The victims having limited logging and monitoring solutions installed didn’t help, either. Finally, LukaLocker can disable the processes linked to most popular antivirus and anti-malware solutions.
While all of this is relatively similar to what other ransomware actors are doing, there is one key difference - Volcano Demon does not have a dedicated data leak site. Instead, it will call the leadership of the victim company on the phone to try and negotiate a payment. All calls come from an unidentified caller-ID numbers and can, the researchers stress, be threatening in both tone and expectations.
More from TechRadar Pro
- Indonesian government says national data center was hit in ransomware attack - but it won't pay up
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.