Pro-Russian hacktivist operation CyberVolk has resurfaced with the new Telegram-powered VolkLocker ransomware-as-a-service operation, also known as CyberVolk 2.x, after a months-long hiatus, reports The Register.
Despite enabling automated payload generation, ransomware attack coordination, and operations management, VolkLocker, which offers Go-based payloads that could be executed on Windows and Linux systems, contains code weaknesses that could allow encrypted data to be restored without fulfilling attackers' demands, according to an analysis from SentinelOne.
Instead of generating encryption keys dynamically, VolkLocker hardcodes keys as hex strings, with the plaintext master key believed to be a test artifact.
"Our analysis reveals an operation struggling with the challenges of expansion: taking one step forward with sophisticated Telegram automation, and one step backward with payloads that retain test artifacts enabling victim self-recovery," wrote SentinelOne senior threat researcher Jim Walter, who noted that Telegram-based automation still represents the continued reduction of barriers to cybercrime despite CyberVolk's foibles.
Ransomware, Threat Intelligence
CyberVolk hacktivist gang reemerges with faulty new RaaS platform




