Attacks commenced with the compromise of Windows workstations and servers via network-stored admin credentials, followed by data exfiltration and encryption before the deployment of the novel LukaLocker ransomware and an accompanying note threatening persistent intrusions and the exposure of data should victims ignore the incident, according to a Halcyon report. Impacted organizations were then subjected to frequent calls from Volcano Demon hackers, which were observed to speak “with a very heavy accent.”

Source: SC Magazine