CyberVolk Hits Critical Systems With Flawed Ransomware

A newly discovered ransomware strain known as CyberVolk has begun targeting Windows systems within critical infrastructure and scientific institutions, aiming at countries viewed as adversarial to Russian interests. Since its emergence in May 2024, the malware has caused widespread disruption in public services and research facilities across Japan, France and the United Kingdom. CyberVolk hits critical systems by exploiting phishing emails and compromised admin credentials to install itself under standard user privileges before escalating access.

Analysts at ASEC identified a complex, dual-layer encryption method using AES-256 GCM and ChaCha20-Poly1305. CyberVolk hits critical systems again by deliberately excluding system-critical files to maintain operability—ensuring ransom payment remains a viable option. However, its flawed decryption process, which omits a crucial nonce, blocks data recovery even with a valid key. Victims receive a ransom note demanding $20,000 in Bitcoin via Telegram. Experts urge organizations to maintain off-site backups and enforce strict access controls.

Read the full report here: https://cybersecuritynews.com/cybervolk-ransomware-attacking-windows-system/