CyberVolk’s VolkLocker ransomware was found to have significant cryptographic flaws that could allow victims to decrypt files for free. The group, known for pro-Russia hacktivism, has been disrupted multiple times but continues to launch attacks using its RaaS platform. #CyberVolk #VolkLocker #Telegram #AES256
Key points
- VolkLocker ransomware uses a hardcoded master key embedded in its binary, exposing it to decryption attempts.
- The ransomware targets Windows and Linux/VMware ESXi systems and includes a timer-based wipe feature.
- The attack platform, VolkLocker, is sold for $800-$2,200, with customizable options via Telegram.
- The cryptographic flaw involves using the same master key for all files and storing it in plaintext on infected devices.
- Publicly disclosing the cryptographic weakness may lead to mitigation, but it also risks alerting the threat actors.