
kraken

INACTIVE / Ransomware-as-a-Service

ransomware group

Kraken leak blog (hellokitty)

Kraken is a ransomware family first observed in August 2018 as a Ransomware-as-a-Service (RaaS) operation promoted on underground forums. The malware encrypts files with AES encryption (keys protected with RSA) and appends the .kraken extension to encrypted files. Early versions distributed by affiliates were bundled with Azorult spyware, enabling credential and cryptocurrency wallet theft before encryption. Kraken's operators enforced strict rules for affiliates, including geographic restrictions on attacks, and provided customizable ransom notes and payment portals. Victims were instructed to pay in Bitcoin via Tor-hosted sites. Distribution methods included malicious email attachments, compromised RDP services, and downloads from malicious or compromised websites. Although its activity declined significantly after late 2018, Kraken remains notable for its hybrid model of ransomware deployment combined with credential theft.

Victims: 4 records
First Discovered: Feb 9, 2025 (victim)
Last Discovered: Feb 22, 2026 (victim)
Inactive Since: 124 days
Countries: 2 hit
Avg Discount: no settlements

Group Activity

[Chart: group activity over the last 12 months, Jul 2025 to Jun 2026. The only value label shown is 3, placed between Jan 2026 and Feb 2026.]