McAfee’s Advanced Threat Research team has announced the discovery of a new affiliate program using Kraken Cryptor ransomware that reveals new insights into the growth and effectiveness of the Ransomware-as-a-Service (RaaS) trend. While Kraken has gained in popularity in the cybercriminal world recently because of its success, the most significant aspect of this campaign is that it shows the growing ability of new ransomware families like Kraken to form alliances with other cybercriminal services that strongly improve their effectiveness and reach worldwide.
Key research highlights
- While earlier versions of Kraken ransomware had been seen before, the malware authors released V2 as part of an affiliate program which was promoted to customers via a video demoing its unique capabilities and world-wide reach in a popular underground forum.
- Gaining access to the program is easy. All customers need to do is complete a form and pay $50. Affiliates are then given a new build of Kraken every 15 days to keep the payload fully undetectable from antimalware products, allowing them to more quickly and easily profit from ransomware.
- Kraken is still quite a young family of ransomware, but based off the graphics the group published, they had managed to trick around 620 victims into downloading the malware and likely paying ransom.
- While ransomware families overall are decreasing, RaaS is growing among big players like GandCrab, Scarab and Obama ransomware who have made significant improvements to their malware delivery methods to increase their reach and infection rates worldwide.
- What’s more is that ransomware criminals have become more agile in their development cycle – where malware repairs used to take a week, but now only take a day or sometimes even hours for them to adapt the ransomware.
Please find a link to the research within the following blog here.