A newly discovered ransomware group, Volcano Demon, has allegedly launched several successful cybercriminal campaigns in the past few weeks.
The researchers who discovered the malicious organisation claimed it targeted the industrial and logistics sectors but refused to name the affected entities.
Moreover, the researchers explained that the ransomware group has a unique style of extorting its targets, as it does not have a public leak website. Instead, these attackers use phone calls to intimidate the victim organisation’s leadership and negotiate payments.
Additional reports also revealed that the phone calls came from unverified numbers and that the threat actors spoke in a menacing tone to threaten their victims.
The Volcano Demon operators encrypt their victims’ files before contacting them.
According to investigations, the Volcano Demon group first encrypts its victims’ files using the unknown LukaLocker ransomware. Next, the group leaves a ransom note to inform its victims that it has successfully compromised their files.
The attackers then start their extortion process by pressuring their victims to comply with their demands. They warn the victims that, if they ignore the issue, the attackers will notify the victims’ clients and partners and continue their attacks.
The actors also threaten to sell the data of the compromised companies’ employees and clients to scammers.
Researchers noted that the group used a double extortion tactic to increase its chances of receiving payment: it exfiltrated victims’ information through C2 servers before encrypting the files with LukaLocker.
Experts also explained that tracking these attackers will be challenging because they delete log files on targeted workstations before exploitation.
Separately, another investigation revealed that the hackers speak with a heavy accent and in an intimidating manner when threatening targets. They also call their targets daily to put more pressure on the company.
It is unclear whether Volcano Demon acts independently or as part of an established ransomware organisation. Ransomware operators are evolving, with numerous new threat actors surfacing and targeting various businesses lately.
Companies should improve their security measures as threat actors continue to use different techniques for compromising systems and acquiring assets.
