CyberVolk VolkLocker RaaS debut targeting Linux/VMware ESXi and Windows
Malware Activity
Summary
CyberVolk expanded its VolkLocker ransomware operation in August 2025, putting Linux/VMware ESXi and Windows environments at risk. The malware’s Golang timer can wipe key user folders, while its encryption flow appends .locked or .cvolk to files. A separate implementation flaw stores a hardcoded master key in plaintext as system_backup.key under %TEMP%, which could let some victims recover files for free.
Related Happenings
Windows 11 BitLocker bypass YellowKey security flaw
Vulnerability
First: 14.05.2026 10:27
Last: 14.05.2026 10:27
Sources 1
About this happening:
**YellowKey** is a **Windows BitLocker security feature bypass** tracked as **CVE-2026-45585** that can expose **BitLocker-protected drives** through the **Windows Recovery Enviro...
Latest development: 20.05.2026 10:31
Microsoft assigned CVE-2026-45585 to YellowKey, a Windows BitLocker security feature bypass, and recommended removing autofstx.exe from the Session Manager BootExecute REG_MULTI_SZ value, reestablishing BitLocker trust for WinRE, and moving already encrypted devices from TPM-only to TPM+PIN to require a pre-boot PIN.
Vect ransomware flawed ChaCha20 implementation destroys large files
Technical Analysis
First: 29.04.2026 13:45
Last: 29.04.2026 13:45
Sources 1
About this happening:
**Vect 2.0 ransomware** was shown to use **raw ChaCha20-IETF (RFC 8439)** without authentication, causing files above **128 KB** to be permanently destroyed across **Windows, Linu...
VECT 2.0 ransomware-branded file destruction malware
Malware Activity
First: 28.04.2026 17:01
Last: 28.04.2026 17:01
Sources 1
About this happening:
The **VECT 2.0** malware now behaves like a **wiper** rather than recoverable ransomware, permanently destroying large files and raising the stakes for victims. The destructive fl...
Vect ransomware activity with cross-platform encryption and double extortion
Malware Activity
First: 03.02.2026 16:00
Last: 03.02.2026 16:00
Sources 1
About this happening:
Security researchers say **Vect** is a new **ransomware-as-a-service (RaaS)** operation that has already claimed victims in **Brazil** and **South Africa**. Its malware targets **...
Sicarii ransomware per-execution RSA key generation breaks decryption
Malware Activity
First: 28.01.2026 00:15
Last: 28.01.2026 00:15
Sources 1
About this happening:
The **Sicarii ransomware** now stands out for a **broken decryption process** that generates a new **RSA key pair** on each execution and discards the private key, leaving victims...
Timeline
- 13.12.2025 17:11 · 2 articles
CyberVolk VolkLocker RaaS debut targeting Linux/VMware ESXi and Windows
Initial Disclosure: In **August 2025**, **CyberVolk** relaunched **VolkLocker (CyberVolk 2.x)** as a **RaaS** product focused on **Linux/VMware ESXi** and **Windows** targets.
Sources:
- CyberVolk’s ransomware debut stumbles on cryptography weakness — www.bleepingcomputer.com — 13.12.2025 17:11
- CyberVolk’s ransomware debut stumbles on cryptography weakness — www.bleepingcomputer.com — 13.12.2025 17:11