New Ransomware Operator Volcano Demon Serving Up LukaLocker
July 3, 2024, 11:52 a.m.
Description
A cybersecurity firm has encountered a new ransomware organization, dubbed Volcano Demon, responsible for recent attacks involving an encryptor called LukaLocker. The malware encrypts victims' files and appends the .nba extension. The attackers successfully compromised Windows workstations and servers after harvesting administrative credentials. Prior to encryption, data was exfiltrated for double extortion. The threat actors use threatening phone calls to extort victims and negotiate ransom payments.
Date
Published: July 3, 2024, 11:35 a.m.
Created: July 3, 2024, 11:35 a.m.
Modified: July 3, 2024, 11:52 a.m.
Indicators
4e58629158a6c46ad420f729330030f5e0b0ef374e9bb24cd203c89ec3262669
f83abe3d9717238755f1276c87b3b320d8c30421984a897099ce3741d9143906
ed32ebb15d4abe262a34e54408ebb0680b62dc975bf6c02652d28006f45fca14
Attack Patterns
LukaLocker
Volcano Demon
T1565
T1490
T1567
T1222
T1497
T1489
T1486
T1070
T1057
T1083
T1071
T1485
T1562
T1059