This new ransomware scam will hassle you with phone calls until you pay up

Victims threatened with repeated phone calls

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A newransomwaregroup has been discovered harassing its victims on the phone until they pay up.

Areportfrom anti-ransomware company, Halycon said that Volcano Demon was seen going after “several” targets in the last couple of weeks, deploying a new encryptor called LukaLocker.

Its methodis relatively simple - the threat actor will first find a way into the target network, map it out, and then exfiltrate as many sensitive files as they can. Then, they will deploy the encryptor, lock down the files and entire systems, and then demand payment in cryptocurrency in exchange for the decryption key, and for keeping the files for themselves.

No data leak site

LukaLocker will add encrypted files the .nba file extension. It works on both Windows and Linux devices, it was said. The encryptor was also relatively good at hiding its tracks. Since it clears logs prior to exploitation, cybersecurity researchers cannot conduct a full forensic evaluation.

The victims having limited logging and monitoring solutions installed didn’t help, either. Finally, LukaLocker can disable the processes linked to most popular antivirus and anti-malware solutions.

While all of this is relatively similar to what other ransomware actors are doing, there is one key difference - Volcano Demon does not have a dedicated data leak site. Instead, it will call the leadership of the victim company on the phone to try and negotiate a payment. All calls come from an unidentified caller-ID numbers and can, the researchers stress, be threatening in both tone and expectations.

More from TechRadar Pro

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Google TV will require more RAM for future upgrades – which might leave older TVs and streaming boxes behind