The pro-Russian CyberVolk group resurfaced with a Telegram-based ransomware-as-a-service platform, but fatally undermined its own operation by hardcoding master encryption keys in plaintext. The Register reports: First, the bad news: the CyberVolk 2.x (aka VolkLocker) ransomware-as-a-service operation that launched in late summer. It's run entirely through Telegram, which makes it very easy for affiliates that aren't that tech savvy to lock files and demand a ransom payment. CyberVolk's soldiers can use the platform's built-in automation to generate payloads, coordinate ransomware attacks, and manage their illicit business operations, conducting everything through Telegram. But here's the good news: the ransomware slingers got sloppy when it came time to debug their code and hardcoded the master keys -- this same key encrypts all files on a victim's system -- into the executable files. This could allow victims to recover encrypted data without paying the extortion fee, according to SentinelOne senior threat researcher Jim Walter, who detailed the gang's resurgence and flawed code in a Thursday report.
Read more of this story at Slashdot.