The new Kraken v.2 version is being advertised on an underground forum and is available through a ransomware-as-a-service (RaaS) model. With just $50 it is possible to join the affiliate program as a trusted partner and received a new improved build of the Kraken ransomware every 15 days. Affiliates receive 80 percent of the paid ransom and operators offer a 24/7 support service.
“The McAfee Advanced Threat Research team, working with the Insikt group from Recorded Future, found evidence of the Kraken authors asking the Fallout team to be added to the Exploit Kit. With this partnership, Kraken now has an additional malware delivery method for its criminal customers.” reads a post published by McAfee.
“We also found that the user associated with Kraken ransomware, ThisWasKraken, has a paid account. Paid accounts are not uncommon on underground forums, but usually malware developers who offer services such as ransomware are highly trusted members and are vetted by other high-level forum members. Members with paid accounts are generally distrusted by the community.”
Kraken Cryptor is a ransomware-as-a-service (RaaS) affiliate program that first appeared in the cybercrime underground on August 16, 2018, it was advertised in a top-tier Russian-speaking cybercriminal forum by the threat actor ThisWasKraken.