Lukalocker

Malware updated 23 days ago (2024-11-29T14:43:44.242Z)
LukaLocker is a newly discovered locker ransomware, first identified by Halcyon researchers on June 15. The adversary behind it has been dubbed "Volcano Demon" and is responsible for several attacks within the past two weeks. LukaLocker is an x64 PE binary written and compiled in C++ and appends the .nba extension to the files it encrypts. It uses API obfuscation and dynamic API resolution to hide its malicious functionality and so evade detection, analysis and reverse engineering. On execution, unless "--sd-killer-off" is specified, it immediately terminates some security and monitoring services present on the network, a behaviour reminiscent of the now-defunct Conti ransomware that suggests LukaLocker may reuse Conti code. In its attacks, Volcano Demon uses common administrative credentials harvested from victims' networks to load a Linux version of LukaLocker, subsequently locking both Windows workstations and servers. Because the malware can reach systems through suspicious downloads, emails or websites without the user's knowledge, it poses a significant threat to personal information and operational continuity; its emergence is a reminder for individuals and organisations to keep security controls up to date and remain vigilant against attack.
Description last updated: 2024-08-12T14:42:21.909Z
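As an added example that is not part of this Cybergeist profile or of Halcyon's research, the following Python sketch turns the one stable file-level indicator the description gives, the .nba extension on encrypted files, into a burst detector over EDR-style file-create events; the event layout (timestamp, host, process, path) and the sample lines are constructed assumptions, and the threshold and window are tunable rather than vendor values.

```python
"""Flag hosts on which one process writes a burst of .nba files, the
extension LukaLocker leaves on encrypted files.

Added example, not code from the Cybergeist page or from Halcyon.
The event layout and SAMPLE_EVENTS are constructed for the demo.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample file-create events: "<utc timestamp> <host> <process> <path>".
SAMPLE_EVENTS = [
    "2024-06-15T10:00:01Z ws01 explorer.exe C:\\Users\\a\\report.docx",
    "2024-06-15T10:00:05Z ws01 unknown.exe C:\\Users\\a\\report.docx.nba",
    "2024-06-15T10:00:06Z ws01 unknown.exe C:\\Users\\a\\budget.xlsx.nba",
    "2024-06-15T10:00:07Z ws01 unknown.exe C:\\Users\\a\\photo.jpg.nba",
    "2024-06-15T10:00:08Z ws01 unknown.exe C:\\Users\\a\\notes.txt.nba",
    "2024-06-15T10:00:09Z ws01 unknown.exe C:\\Users\\a\\plan.pptx.nba",
    "2024-06-15T10:30:00Z ws02 winword.exe C:\\Users\\b\\letter.docx",
    "2024-06-15T11:00:00Z ws02 stats.exe C:\\Users\\b\\season.nba",
]


def parse_event(line):
    """Split one event line; the path may contain spaces, so split at most 3 times."""
    ts, host, proc, path = line.split(" ", 3)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, proc, path


def nba_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {host: process} for every host where a single process created
    at least `threshold` .nba files inside some interval of length `window`.
    A lone .nba file (ws02 above) stays below the threshold and is not flagged."""
    per_key = defaultdict(list)
    for line in lines:
        ts, host, proc, path = parse_event(line)
        if path.lower().endswith(".nba"):
            per_key[(host, proc)].append(ts)
    hits = {}
    for (host, proc), times in per_key.items():
        times.sort()
        start = 0                       # left edge of the sliding window
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits[host] = proc
                break
    return hits


if __name__ == "__main__":
    print(nba_bursts(SAMPLE_EVENTS))  # {'ws01': 'unknown.exe'}
```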
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions differ between vendors, so the following are possible overlapping names or profiles worth reviewing.
Alias: Volcano Demon (votes: 2)
Volcano Demon is a possible alias for Lukalocker. Volcano Demon, a recently identified threat actor, has been tracked by the researchers at Halcyon due to its unique use of locker malware known as LukaLocker. This adversary encrypts victims' files with a .nba file extension, a technique not previously seen in the cybersecurity landscape. The group
Miscellaneous Associations
Other elements of context that could aid in identifying relevance:
Ransomware
Source Document References
Information about the Lukalocker malware was read from the document corpus below (display limited to 20 results).
Source: DARKReading (created 6 months ago)
Source: InfoSecurity-magazine (created 6 months ago)