Russian cybercriminals release new ransomware

A notorious group of Russian cybercriminals has resurfaced with a new ransomware variant. However, security experts note that files encrypted by this malware can be easily decrypted.

The return of these Russian cybercriminals marks a concerning development in the cybersecurity landscape. According to reports, the group has introduced a fresh ransomware strain aimed at encrypting victims' files. Despite the threat posed by such attacks, there is a silver lining: the encryption used in this new variant is not robust, allowing for straightforward decryption processes.

This ransomware follows a pattern seen in previous operations by the group, which has a history of targeting various sectors. While details on the specific targets or distribution methods remain limited, the ease of decryption suggests that affected users may recover their data without significant loss, provided they act promptly with appropriate tools.

Experts advise organizations to remain vigilant against phishing and other entry points commonly exploited by ransomware actors. This information was published on December 12, 2025, and highlights the ongoing evolution of cyber threats from Russia-based groups.

Related Articles


VanHelsing ransomware RaaS targets multiple platforms

Reported by AI

A new ransomware-as-a-service operation called VanHelsing emerged on March 7, 2025, quickly claiming at least three victims. It supports attacks on Windows, Linux, BSD, ARM, and ESXi systems, with affiliates retaining 80% of ransoms after a $5,000 deposit. The group prohibits targeting entities in the Commonwealth of Independent States.

The pro-Russia hacktivist group CyberVolk has reemerged with a new ransomware-as-a-service platform called VolkLocker, supporting both Linux and Windows systems. First documented in 2024 by SentinelOne, the group returned after a period of inactivity caused by Telegram bans. Despite advanced automation via Telegram bots, the malware features significant encryption flaws that could allow victims to recover files without payment.


SentinelOne researchers have disclosed a critical flaw in CyberVolk's new VolkLocker ransomware-as-a-service: a hardcoded master key stored in plaintext, enabling victims to decrypt files without ransom payment. Following the group's August 2025 relaunch after Telegram bans, this weakness underscores quality issues in their RaaS ecosystem.

A ransomware group known as NightSpire has claimed responsibility for hacking into Hyatt's systems and stealing data. The group states it has obtained nearly 50GB of files from the hotel chain, which it plans to sell. This incident highlights ongoing cybersecurity threats to the hospitality sector.


Researchers at LevelBlue have identified a new variant of the SysUpdate malware aimed at Linux systems during a digital forensics and incident response engagement. The malware disguises itself as a legitimate system service and employs advanced encryption for command-and-control communications. By reverse-engineering it, the team created tools to decrypt its traffic more quickly.

Following the 2022 LastPass data breach, blockchain firm TRM Labs has tied over $35 million in stolen cryptocurrency to Russian cybercriminals, detailing sophisticated laundering via mixers and exchanges persisting into late 2025.


Threat actors are shifting from traditional languages like C and C++ to modern ones such as Rust, enabling cross-platform malware development. A new Rust-based information stealer called Luca has emerged, released openly to the public. This development highlights growing use of Rust in malware, posing new challenges for cybersecurity defenders.

 

 

 
