Unveiling Volcano Demon: A New Threat to Windows Systems.

“Volcano Demon: The Eruptive Malware Threatening Windows Systems – Protect Your Network with Cynet XDR’s Advanced Security Solutions.”

Understanding the Volcano Demon Malware: A New Threat to Windows Workstations and Servers

The cybersecurity world is constantly evolving, with new threats emerging every day. One such threat that has recently been observed is a novel malware known as Volcano Demon.

This malware specifically targets Windows workstations and servers, obtaining administrative credentials from the network. What makes this threat actor unique is that they do not have a leak site, and instead use phone calls to executives in IT and leadership to demand money. These calls come from unidentified caller ID numbers and often have a threatening tone, with high expectations for payment.

One of the ways that Volcano Demon has been observed encrypting victim files is through a ransomware known as LukaLocker. This ransomware was identified on June 15, 2024, by Halcyon researchers, who found that it encrypts victim files with the .nba file extension. LukaLocker is developed in C++ and compiled as an x64 PE binary, making it a formidable threat.

To make matters worse, LukaLocker evades detection, analysis, and reverse engineering by hiding its destructive functions through the use of dynamic API resolution and API obfuscation. This means that traditional security measures may not be enough to protect against this ransomware.

The hackers behind LukaLocker use it to encrypt the victims’ files before making a phone call, leaving a ransom note that reads: “Your corporate network has been encrypt3d… We studied and downloaded a lot of your data, many of them have confidential status. If you ignore this incident, we will make sure that your clients and partners know about everything, and attacks will continue. Some of the data will be sold to scammers who will attack your clients and employees.”

In addition to the Windows version of LukaLocker, a Linux version was also discovered on the victim’s network. Volcano Demon used shared administrator credentials that it had taken from the network to lock both Windows desktops and servers successfully. The data was stolen and sent to command and control (C2) server services in advance of the attack to use double extortion.

It’s clear that Volcano Demon is a new and serious threat to Windows workstations and servers. With its ability to evade detection and its use of phone calls to demand money, it’s a malware that requires a new approach to cybersecurity.

Understanding the Volcano Demon malware is crucial for anyone responsible for the security of Windows workstations and servers. With its ability to obtain administrative credentials and use phone calls to demand money, it’s a threat that cannot be ignored.

  • Related Posts

    MSC Files and Phishing: The FLUX#CONSOLE Threat Unveiled.

    “Unmasking the FLUX#CONSOLE: Securonix Threat Research Exposes Evolving Phishing Tactics with MSC Files” Overview Of The FLUX#CONSOLE Campaign

    Read more

    WPML Plugin Vulnerability Threatens 1M+ WordPress Sites

    “Over 1 million WordPress sites at critical risk: WPML’s Remote Code Execution vulnerability exposes the dangers of insecure

    Read more

    Leave a Reply