Analyzing the New non-Beta Version of the Kraken Cryptor Ransomware

By Yueh-Ting Chen | November 12, 2018
Fortinet FortiGuard Labs Threat Research


FortiGuard Labs recently detected new versions of Kraken Cryptor Ransomware. While the beta tag has been removed from its configuration, there are still numerous bugs in this ransomware, and the author is still continuously modifying its basic functions.


This ransomware variant is relatively new, having only started to spread this past August. It is obvious that this ransomware is still under construction and that the author is continuing to add new methods to improve its functionality. However, when we analyzed recent samples, we found that these new versions of the malware are still too unstable to execute themselves. They are still filled with coding bugs, and even contain a message box for debugging. After encountering multiple unusable versions, we were finally able to obtain a functioning sample.


In this article, we will analyze the new “working” version of the Kraken Cryptor Ransomware, which is still under construction and trying to be more stable. For details on the basic behavior of this ransomware, refer to the information posted by McAfee last month.

