New Kraken Cryptor Ransomware Opens Chilling Affiliate Program and Offers Scary Rewards
Recently, researchers discovered a new crypto ransomware scheme that implicates a group of Russian hackers who use malware and ransomware to steal Bitcoin (BTC) from their victims and launder the money through crypto gambling sites. The story was originally reported by The Next Web’s Hard Fork.
The scheme was known as Kraken Cryptor, and it was discovered by researchers at the Insikt Group and McAfee. It was first seen in August 2018. At the time, the service was disguised as legitimate antivirus software and was distributed by a company called SuperAntiSpyware.
The catch is that the malware used the Fallout exploit kit to take control of victims’ machines. Unlike many other schemes, however, Kraken Cryptor ran an affiliate program for the “antivirus” that offered a cut of the Bitcoin ransom payments to the people who helped spread the program.
This technique is known as “ransomware-as-a-service” and it is very popular among dark web users. The ransoms generally range from $500 to $8,000 USD and are generally paid in Bitcoin (BTC), unlike many schemes that use Monero (XMR), which is more anonymous.
Attackers Laundered The Money At an Online Casino
An online Bitcoin casino known as BitcoinPenguin was used by the attackers. It was not very well known and did not use any kind of verification process, so it was a good vehicle for money laundering.
The operation was very organized and required every affiliate to pay $50 USD in order to participate. The program could reject applicants for any reason, without a refund, but by paying the money, accepted users would get 80% of the ransom payments.
It was noticed that the attackers used English and Russian to communicate, but they made mistakes in both languages, which could mean that they were not native speakers of either language.
Curiously, the hackers forbade partners from attacking people from the former Soviet bloc: Armenia, Azerbaijan, Belarus, Estonia, Georgia, Kyrgyzstan, Kazakhstan, Lithuania, Latvia, Moldova, Russia, Tajikistan, Turkmenistan, Ukraine, and Uzbekistan. At the moment, nobody knows how much money was stolen from users.