CyberVolk Resurfaces With Flawed Ransomware Encryptor

CyberVolk, a pro-Russian hacktivist group, resurfaced in late 2025 with an updated Telegram-based ransomware-as-a-service that simplifies attacks for affiliates. Security researchers and outlets report a structural encryptor flaw—encryption keys stored in plain text—that could allow victims to recover data without paying ransom. The revival coincides with November 2025 sanctions on Media Land, underscoring technical and policy efforts to disrupt Russian-linked ransomware.
Key Points
- 1Reveals Telegram-based RaaS storing encryption keys in plain text, enabling potential free decryption.
- 2Highlights how low-barrier Telegram bots scale attacks but introduce implementation vulnerabilities.
- 3Suggests defenders can prioritize recovery tools, backups, and exploit the flaw to avoid ransom payments.
Scoring Rationale
Significant, actionable discovery with official sanctions support, but primarily affects cybersecurity domain rather than broader AI/ML landscape.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems