Russian hackers debut simple ransomware service
Briefly

"First, the bad news: the CyberVolk 2.x (aka VolkLocker) ransomware-as-a-service operation that launched in late summer. It's run entirely through Telegram, which makes it very easy for affiliates that aren't that tech savvy to lock files and demand a ransom payment. CyberVolk's soldiers can use the platform's built-in automation to generate payloads, coordinate ransomware attacks, and manage their illicit business operations, conducting everything through Telegram."
"But here's the good news: the ransomware slingers got sloppy when it came time to debug their code and hardcoded the master keys - this same key encrypts all files on a victim's system - into the executable files. This could allow victims to recover encrypted data without paying the extortion fee, according to SentinelOne senior threat researcher Jim Walter, who detailed the gang's resurgence and flawed code in a Thursday report."
"Unlike similar politically minded crews such as CyberArmyofRussia_Reborn and NoName057(16), which the US government has linked to Russia's GRU military intelligence agency and to Vladimir Putin himself, CyberVolk doesn't seem to have direct ties to the Kremlin. Also unlike these other hacktivist gangs, which primarily rely on nuisance-level distributed denial of service (DDoS) attacks to assault their victims, CyberVolk also uses ransomware."
CyberVolk reemerged with a Telegram-based ransomware-as-a-service called VolkLocker that launched in late summer. The platform provides built-in automation to generate payloads, coordinate attacks, and manage affiliate operations, lowering the bar for less technical operators. The operation returned after multiple Telegram bans and appears to be expanding its capabilities. The operators hardcoded a single master key into executables that encrypt all victim files, creating an exploitable weakness that may allow data recovery without paying ransoms. CyberVolk differs from other pro-Russian hacktivist groups by lacking clear Kremlin ties and by employing ransomware rather than primarily DDoS attacks.
Read at The Register