Novel Volcano Demon ransomware gang emerges

Play ransomware gang tied to 300 attacks in 17 months

Organizations in the manufacturing and logistics sectors have already been targeted by the newly-emergent Volcano Demon ransomware operation over the last two weeks, reports The Record, a news site by cybersecurity firm Recorded Future.

Attacks commenced with the compromise of Windows workstations and servers via network-stored admin credentials, followed by data exfiltration and encryption before the deployment of the novel LukaLocker ransomware and an accompanying note threatening persistent intrusions and the exposure of data should victims ignore the incident, according to a Halcyon report. Impacted organizations were then subjected to frequent calls from Volcano Demon hackers, which were observed to speak "with a very heavy accent." Volcano Demon's emergence follows the discovery of the new Arcus Media ransomware-as-a-service operation that has already targeted organizations in the U.S., Brazil, India, and the UK during the past month, as well as the Space Bears ransomware group that is believed to be associated with the Phobos RaaS gang.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.