MalwareTips Team
AV-Tester Advanced
Jul 22, 2014
As we cover ransomware extensively at BleepingComputer, some ransomware developers tend to interact with our site in various ways. This includes coming to the site to communicate with victims, releasing ransomware keys in our forums, or naming their command & control servers after our site's name.

Over the weekend, the Kraken Cryptor Ransomware released version 2.0.6, which now connects to BleepingComputer during different stages of their encryption process. It is not known what they are trying to achieve by doing this, but it does provide BleepingComputer with insight into the amount of victims being infected by this ransomware.

This new version was first spotted by exploit kit experts nao_sec and Kafeine who saw it being distributed via malvertising and the RIG exploit kit.
After sharing the file hashes and information with BleepingComputer, I was able to determine that since October 20th, 2018, this ransomware has been able to infect 217 unique victims from all over the world.

As Kraken Cryptor is written in C# it allows us to easily see how the program operates. In this new version a variable is created that contains the string "BleepingComputer" as shown below.