Kraken, a Ransomware as a Service (RaaS) operation, uses a new exploit kit to create victims. According to new research by McAfee and Recorded Future, it is difficult to protect against that combination.

With ransomware, files or an entire device are encrypted. Access can only be regained if the right key is known, for which cybercriminals often ask for money. Cracking encrypts all files regardless of size or what the file is after it has been given access to a system. The ransomware focuses on computers running Windows 8, 8.1 and 10. It can also be added to storage devices on the same network as an affected system.

After a system is encrypted, it is impossible to recover the files without paying. Victims can drop their systems and restore the data via backups.

John Fokker, Head of Cyber Investigations at McAfee, sees a striking trend in ransomware families like Kraken. This trend is the ability to enter into alliances with other cybercriminal services that greatly improve their effectiveness. “We also see how ransomware criminals become more agile in their development cycle – and can quickly fix any flaws identified by the security industry. Where these repairs previously took about a week, it now takes only a day or sometimes even hours to fix their ransomware.

Makers want to make money

Many of the insights into this ransomware come from a customer service representative, who maintains the nickname ‘ThisWasKraken’. This person runs Kraken Cryptor as an affiliate program, which allows others to obtain licenses of new versions of the ransomware designed to dodge anti-virus software.

McAfee indicates that Kraken’s goal is to encourage more wannabe cybercriminals to buy the RaaS and carry out their own attacks. That ultimately leads to more money for the creators of the RaaS.

In the case of Kraken, partners sign up for $50 and agree to forward 20 percent of all payments made by victims to the Kraken team. In return, the partner receives fresh versions of the Kraken malware every 15 days. All communication is via e-mail.

The Kraken team also creates a separate version of the malware for the partner. The partner himself can indicate the desired amount that victims have to pay. These amounts range from 0.075 to 1.25 bitcoin, which is $470 to $7,845. In addition, partners may request that certain countries be excluded, so that users are not targeted there.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.