
Volcano Demon Ransomware Group Rings Its Victims To Extort Cash


What’s happening?

Security researchers have warned that a new ransomware group has taken an unusual twist on the traditional method of extorting money from its corporate victims.

So what’s different this time?

Whereas many ransomware attacks see a company’s data exfiltrated by attackers, and the threat made that stolen data will be sold to other cybercriminals or released to the public, the Volcano Demon gang…

Sorry, excuse me? Volcano Demon?

Yes, that’s the name of the ransomware gang. Can I continue?

Sure. Go ahead. What are they doing?

As I was saying… the Volcano Demon group doesn’t appear to bother going to the effort of creating a website on the dark web to publish leaked data. Instead, it conducts its negotiations with its victims via the phone.

Wow. So could I actually end up speaking to the attackers if I worked at a company that was struck by a ransomware attack?

Yes, and it is more likely that a member of staff outside your cybersecurity team finds themselves in the prickly position of acting as a negotiator, unlike a demand that arrives via an email or a ransom note dropped by the cybercriminals on your compromised network.

Why would a ransomware gang even do that?

I hear you. As ransom negotiation techniques go, it sounds positively old-school to have a conversation over the phone. You might expect someone extorting a ransom back in the 1970s to make their demands on a telephone call, but not so much in the digital age where technology can help hide a villain’s true identity and location.

Security researchers at Halcyon, which has reported seeing at least two successful attacks perpetrated by Volcano Demon in the last week, say that the calls can be threatening in nature and come from unidentified caller-ID numbers.

So the company’s data is encrypted by the ransomware?

Yes, the Volcano Demon ransomware group encrypts files on your company network with LukaLocker, changing file extensions to .nba.

So they want money for a decryption key. But do they also steal the data?

I’m afraid so. Prior to data being encrypted in the attack, it is exfiltrated out of organisations. This means companies can be threatened with the distribution of their data if they refuse to pay up.

How does a ransomware gang phoning you up change things?

It’s easy to imagine how a phone call could be more intimidating than an email message. Media reports indicate that the calls demanding the ransom can be “frequent” and that the attackers have a “heavy accent.” At this stage, it has not been possible to determine their country of origin.

In a traditional ransomware scenario, it’s usually fairly straightforward for the victim to decide who will engage with the attackers and potentially negotiate how much of a ransom to pay. However, a phone call from an attacker could occur at any time of day or night and might be to any of many possible telephone numbers within your organisation.

Staff who are working outside of the cybersecurity team may unexpectedly find themselves speaking to an attacker. Handling conversations of this kind is hard enough for any business; some will even bring in professional negotiators. But when it could be anyone on the payroll who receives the call from the extortionist, it’s much harder to control.

So, you said the phone calls can be intimidating and threatening?

Yes. The cybercriminals will have no qualms about making threats to secure their payday. And the ransom note left by the attackers doesn’t beat around the bush either:

“Your corporate network has been encrypted. And that’s not all – we studied and downloaded a lot of your data.” “If you ignore this incident, we will make sure that your confidential data is widely available to the public. We will make sure that your clients and partners know about everything, and attacks will continue. Some of the data will be sold to scammers who will attack your clients and employees.”

But won’t the authorities be able to find out where the phone call has come from?

Although the calls have so far come from unidentified caller-ID numbers, there is hope that the attackers’ use of phone calls rather than taking advantage of the dark web’s anonymity will ultimately work to the police’s advantage.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.
