Kraken, a Russian-speaking cybercriminal group, has gained notoriety for cross-platform ransomware attacks that target multiple operating systems, including Windows, Linux, and VMware ESXi. The group, suspected to be linked to the HelloKitty operation, conducts double-extortion attacks, combining file encryption with the threat of publishing stolen data. Its intrusions often begin by exploiting SMB vulnerabilities on internet-exposed servers to gain initial access to target systems.
The attacks are notable for harvesting privileged credentials and maintaining access via Remote Desktop Protocol. Unusually, Kraken runs benchmarking operations so that the encryption process can proceed without drawing attention. Its ransomware uses RSA-4096 and ChaCha20 for encryption and accepts parameters such as file size limits and timeout delays, allowing each attack to be tailored to the target. Notably, Kraken selectively encrypts SQL databases and network shares while excluding critical system files, so that the victim's systems remain operational while the ransom is negotiated.
Read the original: Cyber Security News