The Kraken ransomware targets multiple systems including Windows, Linux, and VMware ESXi, using innovative techniques to optimize encryption speed without overloading machines. It conducts big-game hunting attacks involving data theft and utilizes a new cybercrime forum for secure communication. #HelloKitty #KrakenRansomware
Key points
- Kraken ransomware exploits SMB vulnerabilities to gain initial access to systems.
- It uses performance benchmarks to determine whether to perform full or partial encryption.
- The ransomware deletes shadow volumes, clears the Recycle Bin, and stops backup services before encrypting files.
- The ransomware encrypts data on SQL databases, network shares, local drives, and virtual machines.
- Kraken employs tools like Cloudflared and SSHFS to exfiltrate data and maintain persistent access.
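
One way a defender might hunt for the behaviours listed above (shadow-copy deletion, backup service stops, and use of Cloudflared or SSHFS) occurring on the same host within a short window. This is an added example, not code from the original report; the command-line patterns, rule names and sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed patterns: common Windows command forms for each behaviour in the
# key points, not strings taken from Kraken samples.
RULES = {
    "shadow_copy_delete": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "backup_service_stop": re.compile(
        r"\b(net1?|sc)(\.exe)?\s+stop\s+\S*(backup|vss|veeam)", re.I),
    "tunnel_or_mount_tool": re.compile(r"\b(cloudflared|sshfs)(\.exe)?\b", re.I),
}
INHIBIT = {"shadow_copy_delete", "backup_service_stop"}  # recovery-inhibiting steps

# Constructed sample process-creation events: (timestamp, host, command line).
EVENTS = [
    ("2025-01-10T02:10:05", "fs01", r"C:\ProgramData\cloudflared.exe tunnel run"),
    ("2025-01-10T02:41:17", "fs01", r"sshfs.exe user@198.51.100.7:/data X:"),
    ("2025-01-10T03:02:40", "fs01", r"vssadmin.exe delete shadows /all /quiet"),
    ("2025-01-10T03:02:44", "fs01", r"net stop VeeamBackupSvc /y"),
    ("2025-01-10T09:15:00", "ws22", r"sshfs.exe dev@192.0.2.10:/src S:"),
    ("2025-01-10T11:00:00", "db03", r"sc.exe stop BackupExecAgent"),
]

def correlate(events, window=timedelta(hours=2), min_behaviours=2):
    """Return {host: sorted behaviour names} for hosts that show at least
    min_behaviours distinct behaviours, one of them recovery inhibition,
    inside a single time window."""
    hits = defaultdict(list)
    for ts, host, cmd in events:
        for name, rx in RULES.items():
            if rx.search(cmd):
                hits[host].append((datetime.fromisoformat(ts), name))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            names = {n for t, n in seen[i:] if t - start <= window}
            if len(names) >= min_behaviours and names & INHIBIT:
                alerts[host] = sorted(names)
                break
    return alerts

if __name__ == "__main__":
    for host, names in correlate(EVENTS).items():
        print(f"ALERT {host}: {', '.join(names)}")
```

A lone SSHFS mount or a single backup service stop does not alert on its own; only the combination on one host does, which keeps routine admin activity out of the results.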