New Ransomware Operator Volcano Demon Serving Up LukaLocker

July 3, 2024, 11:52 a.m.

Description

A cybersecurity firm has encountered a new ransomware organization, dubbed Volcano Demon, responsible for recent attacks involving an encryptor called LukaLocker. The malware encrypts victims' files with the .nba extension and successfully compromised Windows workstations and servers after administrative credentials were harvested. Prior to encryption, data was exfiltrated for use in double extortion. The threat actors use threatening phone calls to extort victims and negotiate ransom payments.

Date

Published: July 3, 2024, 11:35 a.m.

Created: July 3, 2024, 11:35 a.m.

Modified: July 3, 2024, 11:52 a.m.

Indicators

4e58629158a6c46ad420f729330030f5e0b0ef374e9bb24cd203c89ec3262669

f83abe3d9717238755f1276c87b3b320d8c30421984a897099ce3741d9143906

ed32ebb15d4abe262a34e54408ebb0680b62dc975bf6c02652d28006f45fca14

Attack Patterns

LukaLocker

Volcano Demon

T1565

T1490

T1567

T1222

T1497

T1489

T1486

T1070

T1057

T1083

T1071

T1485

T1562

T1059