Kraken Ransomware Expands Attacks to Windows, Linux, and VMware ESXi Systems

Cisco Talos researchers have uncovered a new wave of big-game-hunting and double-extortion attacks by the Russian-speaking Kraken ransomware group, which first surfaced in early 2025.

The group is believed to have evolved from the HelloKitty ransomware cartel, reusing similar infrastructure, ransom note formats, and targeting methods.

Cross-Platform Threat with Sophisticated Encryption

Kraken has emerged as a cross-platform ransomware family with distinct encryptors for Windows, Linux, and VMware ESXi systems, enabling it to target a wide range of enterprise environments.

In attacks during August 2025, Talos observed Kraken exploiting Server Message Block (SMB) vulnerabilities for initial access to Internet-exposed servers.

Once inside, the threat actors harvested administrator credentials, re-entered environments via Remote Desktop Protocol (RDP), and used tools like Cloudflared for persistence and SSH Filesystem (SSHFS) for data…