New Ransomware Operator Volcano Demon Serving Up LukaLocker
A cybersecurity firm has encountered a new ransomware organization dubbed Volcano Demon responsible for recent attacks involving an encryptor called LukaLocker. The malware encrypts victims files with the .nba extension and was successful in compromising Windows workstations and servers after harvesting administrative credentials. Prior to encryption data was exfiltrated for double extortion techniques. The threat actors utilize phone calls with a threatening tone to extort and negotiate ransom payments.