The pro-Russian CyberVolk group has launched a Telegram-based ransomware-as-a-service platform called CyberVolk 2.x (or VolkLocker), allowing users to easily conduct ransomware attacks. However, their operation has been compromised due to a significant oversight: they hardcoded the master encryption keys in plaintext within the executable files. This vulnerability may enable victims to recover their encrypted data without paying the ransom, as noted by SentinelOne’s threat researcher Jim Walter. The combination of automated attack coordination and this critical flaw highlights both the ease of use and the risks associated with CyberVolk’s platform.
Want More Context? 🔎
