The Kraken ransomware, which targets Windows, Linux/VMware ESXi systems, is testing machines to check how fast it can encrypt data without overloading them.
According to Cisco Talos researchers, Kraken's feature is a rare capability that uses temporary files to choose between full and partial data encryption.
The Kraken ransomware emerged at the begining of the year as a continuation of the HelloKitty operation, and engages in big-game hunting attacks with data theft for double extortion.
On the gang's data leak sites there are listed victims from the United States, the UK, Canada, Panama, Kuwait, and Denmark.
Cisco researchers note that various mentions on Kraken’s site, as well as similarities in the ransom note, indicate connections with the now defunct HelloKitty ransomware that gained prominence in 2021 and attempted a rebranding after the leak of its source code.
Apart from the ransomware operation, Kraken has also launched a new cybercrime forum named “The Last Haven Board” to facilitate supposedly secure communications and exchanges.
Kraken's extortion portal on the dark web
Source: BleepingComputer
Kraken attack chain
According to Cisco’s observations, Kraken ransomware attacks typically begin with the exploitation of SMB vulnerabilities on internet-facing assets, providing the threat actors with an initial foothold.
... continue reading