CyberVolk Ransomware Targets Windows Systems in Critical Infrastructure and Research Institutions

CyberVolk ransomware, which first emerged in May 2024, has escalated its operations against government agencies, critical infrastructure, and scientific institutions across Japan, France, and the United Kingdom.

Operating with pro-Russian leanings, CyberVolk specifically targets states perceived as hostile to Russian interests, leveraging sophisticated encryption techniques that render decryption impossible.

This article delivers a technical analysis of CyberVolk’s encryption architecture, execution flow, and the inherent flaws that prevent recovery without backups.

CyberVolk surfaced in May 2024, quickly distinguishing itself by focusing on public sector targets in nations with anti-Russian policies.

The group communicates via Telegram channels, issuing threats and ransom demands directly to victims.

Notable attacks include Japanese power grids, French research laboratories, and British scientific consortia.

CyberVolk’s motivations appear geopolitically driven, aligning with pro-Russian narratives by crippling the technological capabilities of adversarial states.

Upon launch under standard user privileges, the ransomware re-executes with administrator rights ...