Malware News Kraken Cryptor Ransomware Connecting to BleepingComputer During Encryption

Solarquest

As we cover ransomware extensively at BleepingComputer, some ransomware developers tend to interact with our site in various ways. This includes coming to the site to communicate with victims, releasing ransomware keys in our forums, or naming their command & control servers after our site's name.

Over the weekend, the Kraken Cryptor Ransomware released version 2.0.6, which now connects to BleepingComputer during different stages of their encryption process. It is not known what they are trying to achieve by doing this, but it does provide BleepingComputer with insight into the number of victims being infected by this ransomware.

This new version was first spotted by exploit kit experts nao_sec and Kafeine who saw it being distributed via malvertising and the RIG exploit kit.
After sharing the file hashes and information with BleepingComputer, I was able to determine that since October 20th, 2018, this ransomware has been able to infect 217 unique victims from all over the world.

As Kraken Cryptor is written in C#, it allows us to easily see how the program operates. In this new version, a variable is created that contains the string "BleepingComputer", as shown below.
...
...
 
