Find notable cyber news and cases, enriched with sources, timelines, and signals.

VolkLocker ransomware-as-a-service with free-decryption flaw

Malware Activity
First reported
Last updated
Happening score
H score 18
1 unique sources, 1 articles

Summary

Hide ▲

The CyberVolk-linked VolkLocker ransomware-as-a-service has resurfaced with a flaw that lets victims decrypt files without paying. The Golang ransomware targets Windows and Linux and still carries full extortion and anti-analysis features, making the implementation mistake especially consequential.

Related Happenings

Gentlemen ransomware EDR-killer tooling

Malware Activity
H score35 First: 19.06.2026 01:31 Last: 19.06.2026 01:31 Sources 1

About this happening: **Gentlemen ransomware-as-a-service (RaaS)** is actively maintaining a suite of **EDR killers** led by **GentleKiller** to disable endpoint defenses before encryption. ESET says t...

Windows cryptocurrency clipper campaign targeting users via USB LNK worms

Campaign
H score32 First: 18.06.2026 17:30 Last: 18.06.2026 17:30 Sources 1

About this happening: A **Windows cryptocurrency clipper campaign** is actively targeting users since **February 2026**, putting clipboard data, wallet addresses, and seed phrases at risk. The operatio...

Windows cryptocurrency clipper malware using USB LNK worming and Tor C2

Malware Activity
H score29 First: 18.06.2026 17:30 Last: 18.06.2026 17:30 Sources 1

About this happening: A **Windows-based cryptocurrency clipper** has been active since **February 2026**, using **USB-delivered LNK** worming to steal wallet data and reroute payments. The malware adds...

AI-built ransomware toolkit with AD discovery and EDR evasion

Malware Activity
H score36 First: 02.06.2026 23:01 Last: 02.06.2026 23:01 Sources 1

About this happening: A **customer-detected** AI-built ransomware toolkit is automating **Active Directory discovery** and **EDR evasion**, increasing the chance that payloads slip past security contro...

Vect ransomware flawed ChaCha20 implementation destroys large files

Technical Analysis
H score4 First: 29.04.2026 13:45 Last: 29.04.2026 13:45 Sources 1

About this happening: **Vect 2.0 ransomware** was shown to use **raw ChaCha20-IETF (RFC 8439)** without authentication, causing files above **128 KB** to be permanently destroyed across **Windows, Linu...

Timeline

  1. 15.12.2025 07:33 2 articles · 6mo ago

    VolkLocker ransomware-as-a-service with free-decryption flaw

    Initial Disclosure

    **VolkLocker** first appeared in **August 2025** as a **RaaS** payload for **Windows and Linux**. Early samples already exposed the critical weakness: a **plaintext backup key** stored in `%TEMP%\system_backup.key` that enabled recovery.

    Show sources