CyberVolk, a pro-Russian hacktivist group, has relaunched its VolkLocker ransomware-as-a-service, targeting Windows and Linux systems with notable design flaws that allow victims to decrypt files without paying. The group continues expanding its malicious offerings, including remote access tools, while leveraging Telegram for operations. #CyberVolk #VolkLocker #Telegram #RaaS
Keypoints
- VolkLocker is a new RaaS from CyberVolk, targeting both Windows and Linux platforms.
- The ransomware has critical flaws, such as hard-coded master keys and plaintext key files, enabling file recovery without payment.
- It performs system reconnaissance, privilege escalation, and encrypts files with AES-256-GCM, assigning custom extensions.
- The group manages operations via Telegram, charging between $800 and $2,200 for multi-OS payloads and features automation tools.
- CyberVolk has expanded its threat arsenal to include remote access trojans and keyloggers, indicating increased monetization strategies.
Read More: https://thehackernews.com/2025/12/volklocker-ransomware-exposed-by-hard.html