Pro-Russian hacktivists launch branded ransomware attacks
CyberVolk Launches Ransomware-as-a-Service Operations
A pro-Russian hacktivist group, CyberVolk, has entered the realm of cybercrime by launching its own ransomware-as-a-service (RaaS) operations. Originating in India, this group has become a prominent player in the cybercrime ecosystem, utilizing DDoS attacks and adopting and repurposing existing commodity malware.
The ransomware used by CyberVolk is a modified version of AzzaSec Ransomware, built by AzzaSec, a pro-Russia, anti-Israel, and anti-Ukraine hacktivist group that emerged in February 2024. The source code for AzzaSec Ransomware was leaked in June 2024 and was subsequently adopted and adapted by multiple groups aligned with AzzaSec's mission. CyberVolk's branded ransomware is one product of that adoption and adaptation.
The ransomware uses Windows-specific payloads written in C++. Upon execution, bitmap images are dropped into the %temp% folder and displayed before any encryption occurs. The payloads terminate any running processes belonging to Microsoft Management Console (MMC) or Task Manager, so that the ransomware's operations cannot easily be interrupted.
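Added example, not code from the article or from any security product: a small Python detector that correlates the two pre-encryption behaviours described above, a bitmap written into %temp% followed by termination of MMC or Task Manager by the same process, over constructed endpoint telemetry. The JSON-lines schema (fields `type`, `pid`, `image`, `path`, `target_image`) is an assumption chosen for the example, not any vendor's format; the sample events are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Processes the write-up says the payload terminates before encrypting.
TARGETED_TOOLS = {"mmc.exe", "taskmgr.exe"}
# Locations that %temp% commonly resolves to on Windows (lower-cased for matching).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
# Maximum spread between the first and last correlated event for one process.
WINDOW = timedelta(minutes=5)

# Constructed sample telemetry in an assumed JSON-lines schema (not a real
# product's format): "pid"/"image" identify the acting process, "path" the file
# it wrote, "target_image" the process it terminated.
SAMPLE_TELEMETRY = r"""
{"ts": "2024-11-05T09:00:01", "type": "file_create", "pid": 4120, "image": "C:\\Users\\u\\Downloads\\invoice.exe", "path": "C:\\Users\\u\\AppData\\Local\\Temp\\note.bmp"}
{"ts": "2024-11-05T09:00:02", "type": "process_terminate", "pid": 4120, "image": "C:\\Users\\u\\Downloads\\invoice.exe", "target_image": "C:\\Windows\\System32\\mmc.exe"}
{"ts": "2024-11-05T09:00:02", "type": "process_terminate", "pid": 4120, "image": "C:\\Users\\u\\Downloads\\invoice.exe", "target_image": "C:\\Windows\\System32\\Taskmgr.exe"}
{"ts": "2024-11-05T09:03:10", "type": "file_create", "pid": 5555, "image": "C:\\Windows\\explorer.exe", "path": "C:\\Users\\u\\AppData\\Local\\Temp\\wallpaper.bmp"}
{"ts": "2024-11-05T09:04:00", "type": "process_terminate", "pid": 7000, "image": "C:\\Windows\\explorer.exe", "target_image": "C:\\Windows\\System32\\Taskmgr.exe"}
"""


def parse_events(text):
    """Parse JSON-lines telemetry into dicts, converting 'ts' to a datetime."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.lower().rsplit("\\", 1)[-1]


def is_temp_bitmap(path):
    """True for a .bmp written under a temp directory."""
    p = path.lower()
    return p.endswith(".bmp") and any(marker in p for marker in TEMP_MARKERS)


def detect(events):
    """Return one finding per process that both drops a bitmap into %temp% and
    kills MMC/Task Manager within WINDOW. Either behaviour alone is not
    reported: users close Task Manager and programs write temp images all day."""
    per_pid = defaultdict(lambda: {"image": None, "bitmaps": [], "kills": []})
    for ev in events:
        rec = per_pid[ev["pid"]]
        rec["image"] = ev["image"]
        if ev["type"] == "file_create" and is_temp_bitmap(ev["path"]):
            rec["bitmaps"].append(ev)
        elif ev["type"] == "process_terminate" and basename(ev["target_image"]) in TARGETED_TOOLS:
            rec["kills"].append(ev)

    findings = []
    for pid, rec in per_pid.items():
        if not rec["bitmaps"] or not rec["kills"]:
            continue
        correlated = rec["bitmaps"] + rec["kills"]
        span = max(e["ts"] for e in correlated) - min(e["ts"] for e in correlated)
        if span > WINDOW:
            continue
        findings.append({
            "pid": pid,
            "image": rec["image"],
            "bitmaps": [e["path"] for e in rec["bitmaps"]],
            "killed": sorted({basename(e["target_image"]) for e in rec["kills"]}),
        })
    return findings


if __name__ == "__main__":
    for f in detect(parse_events(SAMPLE_TELEMETRY)):
        print(f"ALERT pid={f['pid']} image={f['image']} dropped={f['bitmaps']} killed={f['killed']}")
```

On the constructed sample only the process with pid 4120 is flagged; the benign bitmap write by explorer.exe and the lone Task Manager termination are ignored because each behaviour is reported only when the same process shows both within the window.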
The encryption and key generation algorithms used by CyberVolk have been updated to "ChaCha20-Poly1305 + AES + RSA + Quantum resistant algorithms," providing a robust encryption scheme. A payment screen is displayed once a victim's files have been encrypted, showing a decryption timer, payment details, and cryptocurrency payment options. The timeout for the decryption process is set to five hours in the analyzed CyberVolk samples.
CyberVolk has been involved in attacks against entities in Japan, including the Japan Meteorological Agency (JMA) and the Tokyo Global Information System Centre. The group also has associations with other ransomware families, such as Doubleface, HexaLocker, and Parano. CyberVolk claims alliances with a range of hacktivist and cybercrime groups, including Lapsus$ and the Moroccan Dragons.
The activities of CyberVolk demonstrate the growing blurring of lines between hacktivism, cybercrime, and nation-state activity. The group leverages geopolitical issues to launch and justify attacks on entities opposed to Kremlin interests.
In November 2024, multiple hacktivist groups, including CyberVolk and other affiliated groups, experienced a mass ban on Telegram. The founder and CEO of the platform, Pavel Durov, had committed to banning hacktivist groups following a mass ban of such groups in early November. As a result, CyberVolk's Telegram contact details are no longer accessible.
Despite these setbacks, CyberVolk continues its operations, demonstrating the resilience and adaptability of cybercriminals in the face of adversity. It is crucial for individuals and organisations to remain vigilant and implement robust cybersecurity measures to protect against such threats.