Russian cybercriminals release new ransomware

A notorious group of Russian cybercriminals has resurfaced with a new ransomware variant. However, security experts note that files encrypted by this malware can be easily decrypted.

The return of these Russian cybercriminals marks a concerning development in the cybersecurity landscape. According to reports, the group has introduced a fresh ransomware strain aimed at encrypting victims' files. Despite the threat posed by such attacks, there is a silver lining: the encryption used in this new variant is not robust, allowing for straightforward decryption processes.

This ransomware follows a pattern seen in previous operations by the group, which has a history of targeting various sectors. While details on the specific targets or distribution methods remain limited, the ease of decryption suggests that affected users may recover their data without significant loss, provided they act promptly with appropriate tools.

Experts advise organizations to remain vigilant against phishing and other entry points commonly exploited by ransomware actors. The report, published on December 12, 2025, highlights the ongoing evolution of cyber threats from Russian-based groups.

Related Articles

VanHelsing ransomware RaaS targets multiple platforms

Reported by AI

A new ransomware-as-a-service operation called VanHelsing emerged on March 7, 2025, quickly claiming at least three victims. It supports attacks on Windows, Linux, BSD, ARM, and ESXi systems, with affiliates retaining 80% of ransoms after a $5,000 deposit. The group prohibits targeting entities in the Commonwealth of Independent States.

The pro-Russia hacktivist group CyberVolk has reemerged with a new ransomware-as-a-service platform called VolkLocker, supporting both Linux and Windows systems. First documented in 2024 by SentinelOne, the group returned after a period of inactivity caused by Telegram bans. Despite advanced automation via Telegram bots, the malware features significant encryption flaws that could allow victims to recover files without payment.

SentinelOne researchers have disclosed a critical flaw in CyberVolk's new VolkLocker ransomware-as-a-service: a hardcoded master key stored in plaintext, enabling victims to decrypt files without ransom payment. Following the group's August 2025 relaunch after Telegram bans, this weakness underscores quality issues in their RaaS ecosystem.

Following the 2022 LastPass data breach, blockchain firm TRM Labs has tied over $35 million in stolen cryptocurrency to Russian cybercriminals, detailing sophisticated laundering via mixers and exchanges persisting into late 2025.

Threat actors are shifting from traditional languages like C and C++ to modern ones such as Rust, enabling cross-platform malware development. A new Rust-based information stealer called Luca has emerged, released openly to the public. This development highlights growing use of Rust in malware, posing new challenges for cybersecurity defenders.

Hackers have targeted Waltio, a French cryptocurrency accounting platform, demanding a ransom after stealing emails and tax reports from 50,000 customers. The company reported the incident on January 21, 2026, stating that no passwords or highly sensitive data were compromised. French authorities are now investigating the sophisticated cyberattack.

Cybercriminals have compromised trusted Linux applications on the Snap Store by seizing expired domains, allowing them to push malware that steals cryptocurrency recovery phrases. Security experts from SlowMist and Ubuntu contributor Alan Pope highlighted the attack, which targets established publisher accounts to distribute malicious updates impersonating popular wallets. Canonical has removed the affected snaps, but calls for stronger safeguards persist.