"A coding error, possibly introduced thanks to over-reliance on artificial intelligence (AI) vibe coding tools, has rendered an emergent strain of ransomware an acutely dangerous threat, according to researchers at Halcyon's Ransomware Research Center (RRC). The Sicarii ransomware-as-a-service (RaaS) operation emerged from the cyber criminal underground in December 2025, when it started advertising for affiliates on the dark web."
"The problem arises through how the Sicarii binary handles its RSA implementation. When the ransomware locker first executes, it regenerates a new RSA key pair locally, uses this key for encryption, but then discards the private key for some reason. The end result is that this "per-execution" key generation means encryption is not tied to any recoverable master key, so victims have no viable decryption path and attacker-provided decryptors are ineffective."
A coding error, possibly introduced by over-reliance on AI-assisted coding tools, has made an emergent ransomware strain acutely dangerous. Sicarii appeared in December 2025 as a ransomware-as-a-service operation advertising for affiliates on the dark web. A critical flaw in RSA key handling causes the binary to generate a new RSA key pair on each execution and then discard the private key. That per-execution key generation severs encryption from any recoverable master key, leaving victims without viable decryption paths. As a result, paying ransom cannot be relied upon to restore encrypted data.
Read at ComputerWeekly.com
Unable to calculate read time
Collection
[
|
...
]