Kraken Cryptor Ransomware is Distributed via Exploit Kit

Delaware, USA – October 5, 2018 – Adversaries behind the Fallout exploit kit have started distributing the latest version of the Kraken Cryptor ransomware. Before that, they used the exploit kit for about two weeks to infect their victims with GandCrab ransomware. Kraken Cryptor, like GandCrab, is Ransomware-as-a-Service, so adversaries can easily switch from one malware family to another as soon as a new version comes out that signature-based antivirus products do not detect. Kraken Cryptor was first discovered this August and has since received several significant updates. The latest version of the ransomware renames the encrypted files to a random name with a random extension and downloads SDelete to clear and overwrite all free space on drives with zeros to complicate file recovery. So far, it is impossible to decrypt files without the participation of the attackers, and for their “help” they demand 0.256 Bitcoin.
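The behaviour described above (renames to random extensions, then an SDelete free-space wipe) can be hunted for in endpoint telemetry. The following is an added example, not code from SOC Prime or from the original article. The event fields (`host`, `ts`, `type`, `old`, `new`, `image`, `cmdline`), the thresholds and the sample events are assumptions constructed for illustration; `-z` and `-c` are SDelete's documented free-space switches, and the article does not say which one the ransomware passes.

```python
import ntpath
import re
from collections import defaultdict

SDELETE_RE = re.compile(r"^sdelete(64)?(\.exe)?$", re.IGNORECASE)
WIPE_FLAGS = {"-z", "-c", "/z", "/c"}  # SDelete switches: zero / clean free space

def is_free_space_wipe(image, cmdline):
    """True when the process is SDelete started with a free-space wipe switch."""
    tokens = {t.lower() for t in cmdline.split()}
    return bool(SDELETE_RE.match(ntpath.basename(image))) and bool(tokens & WIPE_FLAGS)

def ext(path):
    """Lower-cased extension of a Windows path."""
    return ntpath.splitext(path)[1].lower()

def detect(events, min_renames=5, min_unique_ratio=0.8, window=600):
    """Map host -> finding for each free-space wipe, noting a preceding rename burst."""
    renames, findings = defaultdict(list), {}
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["type"] == "rename" and ext(e["old"]) != ext(e["new"]):
            renames[e["host"]].append((e["ts"], ext(e["new"])))
        elif e["type"] == "proc" and is_free_space_wipe(e["image"], e["cmdline"]):
            recent = [x for ts, x in renames[e["host"]] if e["ts"] - ts <= window]
            # Many renames with mostly distinct new extensions = random extension per file
            burst = (len(recent) >= min_renames
                     and len(set(recent)) / len(recent) >= min_unique_ratio)
            if burst or e["host"] not in findings:
                findings[e["host"]] = "rename-burst+wipe" if burst else "wipe-only"
    return findings

# Constructed sample events (assumed schema, not taken from a real incident).
_RANDOM = ["qhwkz.xbdp", "tmrra.lkq", "zzpwe.vnfy", "oiuya.gtr", "bbnme.wsx", "plkjh.qaz"]
SAMPLE_EVENTS = (
    [{"host": "WS01", "ts": 100 + i, "type": "rename",
      "old": f"C:\\Users\\a\\doc{i}.docx", "new": f"C:\\Users\\a\\{n}"}
     for i, n in enumerate(_RANDOM)]
    + [{"host": "WS03", "ts": 300 + i, "type": "rename",   # benign: same new extension
        "old": f"D:\\work\\f{i}.tmp", "new": f"D:\\work\\f{i}.docx"} for i in range(6)]
    + [{"host": "WS01", "ts": 200, "type": "proc",
        "image": "C:\\Users\\a\\AppData\\Local\\Temp\\sdelete.exe",
        "cmdline": "sdelete.exe -accepteula -z C:"},
       {"host": "WS02", "ts": 50, "type": "proc",           # admin use, no rename burst
        "image": "C:\\Tools\\sdelete64.exe", "cmdline": "sdelete64.exe -z D:"}]
)

if __name__ == "__main__":
    for host, finding in sorted(detect(SAMPLE_EVENTS).items()):
        print(host, finding)
```

Matching on the file name alone misses a renamed SDelete binary, so a production rule should also compare the executable's original file name or hash where the telemetry provides it.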

Many cybercriminal groups now use Kraken Cryptor in their attacks. Recently, attackers compromised the Superantispyware.com website and distributed the ransomware under the guise of the SuperAntiSpyware application installer. There are also known cases of ransomware attacks carried out by hacking RDP connections. To detect typical signs of abuse or unauthorized access to your network, you can use VPN Security Monitor for your SIEM. This free rule pack provides visualization of the VPN service and monitors security events tied to access control: https://my.socprime.com/en/integrations/vpn-security-monitor-arcsight