The Kraken ransomware gang, a descendant of HelloKitty ransomware, has been evaluating targeted Windows, Linux, and VMware ESXi machines to ensure optimized data encryption, BleepingComputer reports.

After exploiting Server Message Block vulnerabilities for initial access, obtaining admin credentials, and leveraging the Cloudflared and SSH Filesystem tools for data exfiltration, Kraken accessed the targeted network's systems before providing an encryption command that benchmarks machines' performance to decide whether partial or complete data encryption would be used, according to Cisco Talos researchers.

Kraken ransomware's Windows encryptor featured modules for encrypting Microsoft SQL data files, files on reachable shares, local drive contents, and virtual machine disk files, while its Linux/ESXi iteration allowed VM enumeration and termination for disk file unlocking.

All logs and shell history, as well as the Kraken binary, were later erased by the self-removing 'bye_bye.sh' script, said researchers, who noted that Kraken had demanded $1 million worth of Bitcoin as ransom in one of the observed attacks. Kraken was also observed to have unveiled "The Last Haven Board" hacking forum.
Ransomware, Encryption
Benchmarking optimizes Kraken ransomware encryption




