In the last few months, it has been proved that Ransomware-as-a-Service (RaaS) has turned out to be a lucrative business model in the cybercriminal world. The latest report jointly devised by two cybersecurity companies reveals that Kraken operators have introduced a new exploit kit for the RaaS activity instigated by the strain.
The new exploit primarily affects the devices operating on Windows 8.0, 8.1 and 10 and it has been developed to get around the activity of antivirus software programs. This means Kraken will be able to infiltrate the affected device in more like a stealth mode.
The experts have done sufficient research on the dark web to find out further details about RaaS model of Kraken. According to their digging on several cybercriminal platforms on the dark web, the operators of Kraken RaaS are asking anywhere between 0.075 and 1.25 Bitcoins to provide the decryption key for ransomware removal.
Moreover, the developers are promising 80 percent of ransom amount to their affiliates and also providing them an email ID, which is used in the ransom note as the attackers’ contact. Also, they are promising to help the partners with the 24/7 customer support model.
It is interesting to note that the developers of the latest Kraken RaaS exploit have also compiled a list of countries not to be targeted. There are more than a dozen countries in this list including Russia and Syria.
The activity of latest Kraken exploit suggests that it has been developed by employing exceptional malware expertise. The strain is not only able to bypass UAC, but it also deletes itself from the targeted computer after wreaking havoc. This is an anti-forensic technique employed by really few cybercriminals in their malware activity. The self-deletion feature of Kraken will also make it difficult for experts to carry out professional ransomware removal measures.
