VolkLocker ransomware-as-a-service with free-decryption flaw
Malware Activity
Summary
Hide ▲
Show ▼
The CyberVolk-linked VolkLocker ransomware-as-a-service has resurfaced with a flaw that lets victims decrypt files without paying. The Golang ransomware targets Windows and Linux and still carries full extortion and anti-analysis features, making the implementation mistake especially consequential.
Related Happenings
Vect ransomware flawed ChaCha20 implementation destroys large files
Technical Analysis
First: 29.04.2026 13:45
Last: 29.04.2026 13:45
Sources 1
About this happening:
**Vect 2.0 ransomware** was shown to use **raw ChaCha20-IETF (RFC 8439)** without authentication, causing files above **128 KB** to be permanently destroyed across **Windows, Linu...
Vect ransomware flawed ChaCha20 implementation destroys large files
Technical AnalysisAbout this happening: **Vect 2.0 ransomware** was shown to use **raw ChaCha20-IETF (RFC 8439)** without authentication, causing files above **128 KB** to be permanently destroyed across **Windows, Linu...
VECT 2.0 ransomware-branded file destruction malware
Malware Activity
First: 28.04.2026 17:01
Last: 28.04.2026 17:01
Sources 1
About this happening:
The **VECT 2.0** malware now behaves like a **wiper** rather than recoverable ransomware, permanently destroying large files and raising the stakes for victims. The destructive fl...
VECT 2.0 ransomware-branded file destruction malware
Malware ActivityAbout this happening: The **VECT 2.0** malware now behaves like a **wiper** rather than recoverable ransomware, permanently destroying large files and raising the stakes for victims. The destructive fl...
TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns
Threat Actor Meta
First: 31.03.2026 15:15
Last: 31.03.2026 15:15
Sources 1
About this happening:
TeamPCP and **Vect ransomware group** are linking **supply-chain compromises** to **follow-on ransomware campaigns**, broadening extortion risk for affected organizations. The shi...
TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns
Threat Actor MetaAbout this happening: TeamPCP and **Vect ransomware group** are linking **supply-chain compromises** to **follow-on ransomware campaigns**, broadening extortion risk for affected organizations. The shi...
The Gentlemen RaaS split exposed by hastalamuerte
Threat Actor Meta
First: 19.03.2026 18:00
Last: 19.03.2026 18:00
Sources 1
About this happening:
**hastalamuerte** exposed the internal workings of **The Gentlemen** ransomware group, revealing a **Qilin-related RaaS split** that shows how affiliate-driven ecosystems can rapi...
The Gentlemen RaaS split exposed by hastalamuerte
Threat Actor MetaAbout this happening: **hastalamuerte** exposed the internal workings of **The Gentlemen** ransomware group, revealing a **Qilin-related RaaS split** that shows how affiliate-driven ecosystems can rapi...
Vect ransomware activity with cross-platform encryption and double extortion
Malware Activity
First: 03.02.2026 16:00
Last: 03.02.2026 16:00
Sources 1
About this happening:
Security researchers say **Vect** is a new **ransomware-as-a-service (RaaS)** operation that has already claimed victims in **Brazil** and **South Africa**. Its malware targets **...
Vect ransomware activity with cross-platform encryption and double extortion
Malware ActivityAbout this happening: Security researchers say **Vect** is a new **ransomware-as-a-service (RaaS)** operation that has already claimed victims in **Brazil** and **South Africa**. Its malware targets **...
Timeline
-
15.12.2025 07:33 2 articles · 5mo ago
VolkLocker ransomware-as-a-service with free-decryption flaw
Initial Disclosure**VolkLocker** first appeared in **August 2025** as a **RaaS** payload for **Windows and Linux**. Early samples already exposed the critical weakness: a **plaintext backup key** stored in `%TEMP%\system_backup.key` that enabled recovery.
Show sources
- VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption — thehackernews.com — 15.12.2025 07:33
- VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption — thehackernews.com — 15.12.2025 07:33