Organizations in the manufacturing and logistics sectors have already been targeted by the newly emergent Volcano Demon ransomware operation over the last two weeks, reports The Record, a news site by cybersecurity firm Recorded Future.
Attacks commenced with the compromise of Windows workstations and servers via network-stored admin credentials, followed by data exfiltration and encryption before the deployment of the novel LukaLocker ransomware and an accompanying note threatening persistent intrusions and the exposure of data should victims ignore the incident, according to a Halcyon report. Impacted organizations were then subjected to frequent calls from Volcano Demon hackers, who were observed to speak "with a very heavy accent."
Volcano Demon's emergence follows the discovery of the new Arcus Media ransomware-as-a-service operation, which has already targeted organizations in the U.S., Brazil, India, and the UK during the past month, as well as the Space Bears ransomware group, which is believed to be associated with the Phobos RaaS gang.