CyberVolk Ransomware Technical & Malware Analysis Report

Download Report

CyberVolk Group is a threat actor group originating from India. It is one of the members of the Holy League organization, established by APT 44 and other Russian/Russian-aligned hackers to carry out attacks against NATO, Ukraine, and states opposing Russia. CyberVolk Ransomware was developed by the CyberVolk Financially Motivated Threat Actor Group and released for sale as Ransomware-as-a-Service (RaaS) on July 1, 2024.

The report provides a detailed analysis of CyberVolk Ransomware. ThreatMon strives to prevent potential malicious activities by informing individuals, companies, firms, institutions, and organizations about current threats through our reports, posts, and analyses.

Key findings include:

It operates in an offline structure, encrypts files with the CyberVolk extension, and demands a payment of $1,000 for the decryption key.
The ransomware employs ChaCha20-Poly1305, AES, RSA, and quantum-resistant algorithms for encryption, making it highly secure.
CyberVolk ransomware has been found to block TaskManager to prevent the encryption process from terminating.
By opening the task manager, the user cannot terminate the running ransomware through the task manager.
The ransomware developed by the CyberVolk group is currently a threat to Windows users.
Cybervolk group admin claims to have earned through this ransomware, demonstrating this threat level's seriousness.
Mitigation, Mitre Att&ck Table, IOCs.

Relevant Reports

We see the full picture of the evolving cyber threat landscape thanks to unique tools for monitoring the infrastructure used by cybercriminals and data from battlefields: