LukaLocker is a newly discovered locker ransomware that was first identified by Halcyon researchers on June 15. The adversary behind it has been dubbed "Volcano Demon" and is responsible for several attacks within the past two weeks. LukaLocker appends the .nba file extension to the files it encrypts and is an x64 PE binary written in C++. The ransomware uses API obfuscation and dynamic API resolution to hide its malicious functionality, which hinders detection, analysis, and reverse engineering.
Upon execution, unless the "--sd-killer-off" switch is specified, LukaLocker immediately terminates some security and monitoring services present on the network. This behaviour is reminiscent of the tactics used by the now-defunct Conti ransomware, suggesting that LukaLocker may have recycled code from Conti. In its attacks, Volcano Demon leverages common administrative credentials harvested from its victims' networks to load a Linux version of LukaLocker, and then locks both Windows workstations and servers.
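The service-termination step described above is the kind of behaviour a defender can spot in Windows Service Control Manager telemetry before encryption finishes. The following Python script is an added example, not code from Halcyon or from the description above: it parses a handful of constructed event lines (a simplified "timestamp | event id | message" layout, with placeholder service names that are not LukaLocker's actual targets) and flags a burst of stopped security- or monitoring-related services inside a short time window. The keyword list, window size and threshold are assumptions to be replaced with an organisation's own service inventory.

```python
import re
from datetime import datetime

# Constructed sample log lines (not real LukaLocker telemetry). Event id 7036 is
# the Service Control Manager "service entered the X state" message; the
# service names are placeholders chosen for this example.
SAMPLE_LOG = """\
2024-06-15T09:00:01 | 7036 | The Print Spooler service entered the stopped state.
2024-06-15T09:14:10 | 7036 | The ExampleEDR Agent service entered the stopped state.
2024-06-15T09:14:11 | 7036 | The ExampleAV RealTime service entered the stopped state.
2024-06-15T09:14:11 | 7036 | The ExampleBackup Monitor service entered the stopped state.
2024-06-15T09:14:12 | 7036 | The ExampleSIEM Forwarder service entered the stopped state.
2024-06-15T09:14:13 | 7036 | The ExampleDB Watchdog service entered the stopped state.
2024-06-15T09:30:00 | 7036 | The Windows Update service entered the running state.
"""

# Assumption: substrings that mark a service as security- or monitoring-related.
# A real deployment would use an explicit list of its own service names instead.
WATCH_KEYWORDS = ("EDR", "AV", "Backup", "SIEM", "Watchdog", "Defender")

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \| (?P<eid>\d+) \| The (?P<svc>.+?) service entered the "
    r"(?P<state>\w+) state\.$"
)


def parse_events(text):
    """Parse the simplified log layout into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "eid": int(m["eid"]),
            "svc": m["svc"],
            "state": m["state"],
        })
    return events


def is_watched(svc):
    """True if the service name contains one of the watch keywords (case-sensitive)."""
    return any(k in svc for k in WATCH_KEYWORDS)


def find_kill_bursts(events, window_seconds=60, threshold=3):
    """Group stop events of watched services into clusters that begin within
    `window_seconds` of the cluster's first stop; return (start_ts, [services])
    for every cluster with at least `threshold` members."""
    stops = sorted(
        (e for e in events
         if e["eid"] == 7036 and e["state"] == "stopped" and is_watched(e["svc"])),
        key=lambda e: e["ts"],
    )
    bursts = []
    cluster = []
    for e in stops:
        if cluster and (e["ts"] - cluster[0]["ts"]).total_seconds() > window_seconds:
            if len(cluster) >= threshold:
                bursts.append((cluster[0]["ts"], [c["svc"] for c in cluster]))
            cluster = []
        cluster.append(e)
    if len(cluster) >= threshold:
        bursts.append((cluster[0]["ts"], [c["svc"] for c in cluster]))
    return bursts


if __name__ == "__main__":
    for start, services in find_kill_bursts(parse_events(SAMPLE_LOG)):
        print(f"ALERT {start.isoformat()}: {len(services)} watched services stopped "
              f"within 60s: {', '.join(services)}")
```

The isolated Print Spooler stop at 09:00 is ignored because it matches no keyword, while the five watched services stopping between 09:14:10 and 09:14:13 form one alert; raising the threshold above the cluster size suppresses it, which is the knob to tune against legitimate maintenance windows.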
The emergence of LukaLocker highlights the evolving nature of cyber threats and underscores the importance of robust cybersecurity measures. As the malware can infiltrate systems through suspicious downloads, emails, or websites without users' knowledge, it poses a significant threat to personal information and operational continuity. The discovery of LukaLocker serves as a reminder for individuals and organizations to maintain up-to-date security protocols and remain vigilant against potential cyber attacks.
Description last updated: 2024-08-12T14:42:21.909Z