July 23, 2024
Volcano Demon Ransomware Group Rings Its Victims To Extort Cash

What’s occurring?

Safety researchers have warned {that a} new ransomware group has taken an uncommon twist on the standard technique of extorting cash from its company victims.

So what’s completely different this time?

Whereas many ransomware assaults see an organization’s firm’s knowledge exfiltrated by attackers, and the risk made that stolen knowledge will likely be offered to different cybercriminals or launched to the general public, the Volcano Demon gang…

Sorry, excuse me? Volcano Demon?

Sure, that is the title of the ransomware gang. Can I proceed?

Positive. Go forward. What are they doing?

As I used to be saying… the Volcano Demon group does not seem to trouble going to the hassle of making a website on the darkish internet to publish leaked knowledge. As an alternative, it conducts its negotiations with its victims by way of the telephone.

Wow. So may I really find yourself chatting with the attackers if I labored at an organization that was struck by a ransomware assault?

Sure, and it is more likely {that a} member of workers exterior your cybersecurity crew finds themselves within the prickly place of appearing as a negotiator, in contrast to a requirement that arrives by way of an electronic mail or a ransom be aware dropped by the cybercriminals in your compromised community.

Why would a ransomware gang even do that?

I hear you. As ransom negotiation strategies go, it sounds positively old-school to have a dialog over the telephone. You would possibly anticipate somebody extorting a ransom again within the Nineteen Seventies to make their calls for on a phone name, however not a lot within the digital age the place know-how may help conceal a villain’s true id and site.

Safety researchers at Halcyon, which has reported seeing at the least two profitable assaults perpetrated by Volcano Demon within the final week, say that the calls may be threatening in nature and are available from unidentified caller-ID numbers.

So the corporate’s knowledge is encrypted by the ransomware?

Sure, the Volcano Demon ransomware group encrypts recordsdata in your firm community with LukaLocker, altering file extensions to .nba.

So they need cash for a decryption key. However do additionally they steal the info?

I am afraid so. Previous to knowledge being encrypted within the assault, it’s exfiltrated out of organisations. Because of this firms may be threatened with the distribution of their knowledge in the event that they refuse to pay up.

How does a ransomware gang phoning you up change issues?

It is simple to think about how a telephone name may be extra intimidating than an electronic mail message. Media studies point out that the calls demanding the ransom may be “frequent” and that the attackers have a “heavy accent.” At this stage, it has not been potential to find their nation of origin.

In a standard ransomware scenario, it is normally pretty easy for the sufferer to resolve who will have interaction with the attackers and doubtlessly negotiate how a lot of a ransom to pay. Nevertheless, a telephone name from an attacker may happen at any time of day or evening and may be to any of many potential phone numbers inside your organisation.

Workers who’re working exterior of the cybersecurity crew could unexpectedly discover themselves chatting with an attacker. Dealing with conversations of this sort is hard sufficient for any enterprise; some will even usher in skilled negotiators. However when it may be anybody on the payroll who receives the decision from the extortionist, it is a lot tougher to manage.

So, you mentioned the telephone calls may be intimidating and threatening?

Sure. The cybercriminals may have no qualms about making threats to safe their payday. And the ransom be aware left by the attackers does not beat across the bush both:

“Your company community has been encrypted. And that’s not all – we studied and downloaded loads of your knowledge.” “When you ignore this incident, we are going to make sure that your confidential knowledge is extensively out there to the general public. We are going to ensure that your purchasers and companions learn about all the pieces, and assaults will proceed. A number of the knowledge will likely be offered to scammers who will assault your purchasers and staff.”

However will not the authorities have the ability to discover out the place the telephone name has come from?

Though the calls have to date come from unidentified caller-ID numbers, there’s hope that the attackers’ use of telephone calls fairly than profiting from the darkish internet’s anonymity will in the end work to the police’s benefit.


Editor’s Word: The opinions expressed on this visitor creator article are solely these of the contributor and don’t essentially mirror these of Tripwire.