The cybersecurity research firms, the Recorded Future and McAfee has conducted a joint investigation that has unearth a fact that the Kraken Cryptor, which is a known ransomware program has expanded to a large scale on the dark web with a new distributor partner in the Fallout Exploit Kit. Kraken Cryptor is a ransomware-as-a-service (RaaS) model that was first discovered by the security researchers back in August in the year 2018 that is able to victimize and gain revenue through its affiliate program. The malware was released through a Russian forum by the username “ThisWasKraken”. The Kraken Crypto malware has been the most popular program used by the cybercriminals from the dark web who intends to use it for exploiting unsuspecting antivirus software consumers. The cybercriminals are reaching out for those customers who wish to install or have installed the antivirus program named SuperAntiSpyware. The latest extension of the malware and collaboration with its partner Fallout Exploit Kit has provided them ample scope to deliver malware to the customers.
Some of the key features of the Kraken Crypto ransomware have been listed out in a Russian forum on the dark web which is as follows:
- The source code of the malware uses the C# (.NET 3.5) programming language.
- The malware is completely autonomous having a very small file size of 85 KB.
- The ransomware program gathers information on the system of the victim as an encrypted message to refer the affiliate.
- Kraken Crypto ransomware utilizes a hybrid combination of encryption algorithms for a secure and fast encryption. Each encrypted file comes with a unique key that is used by the administrators in the regulation of the affiliate members to revoke their obligated cut.
It is made impossible for the victims to recover their files using recovery center or any other sophisticated tools without giving up on the requested ransom.