Ransomware gang starts threatening victims via phone

In a disturbing evolution of ransomware tactics, a new group known as Volcano Demon has emerged, diverging from the usual approach of encrypting databases for ransom. Unlike traditional ransomware operations, Volcano Demon threatens victims directly via phone calls, promising to expose disruption details to their clients and partners unless a ransom is paid.

Cybersecurity researchers at Halcyon were the first to uncover these developments, noting that Volcano Demon recently targeted two companies within a short span of time. The group deploys a lesser-known ransomware variant called LukaLocker, leaving a ransom note and initiating direct communication with organizational leaders or C-level executives for negotiations. Victims report receiving calls with a voice that sounds artificially modulated, creating an unsettling interaction akin to speaking with a human voice altered by software.

Volcano Demon employs a double extortion tactic, demanding payment under threat of both data encryption and public disclosure of sensitive information if victims involve law enforcement. This strategy has become increasingly common among ransomware groups, exacerbating the surge in file-encrypting malware attacks facilitated by ransomware-as-a-service operations.

Despite efforts like Operation Cronos by law enforcement agencies to combat these threats, the proliferation of such malicious groups shows no signs of slowing down. The FBI has strongly advised against paying ransoms to these groups since it not only fuels cybercrime but also provides no guarantee of receiving decryption keys. Instead, victims are urged to focus on backup and recovery strategies to safeguard their data.

This updated version retains the core details while presenting them in a clearer and more structured manner. Let me know if there are any specific changes or additional information you would like to include!


Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display