Cisco Talos has identified Kraken, a sophisticated cross-platform ransomware group that grew out of the remnants of the HelloKitty ransomware cartel, as an emerging threat.
In August 2025, the security firm observed the Russian-speaking group conducting big-game hunting and double-extortion attacks against enterprise environments worldwide.
Kraken represents a significant evolution in ransomware threats due to its multi-platform capabilities.
Unlike traditional ransomware families that target a single operating system, Kraken features distinct encryptors engineered explicitly for Windows, Linux, and VMware ESXi systems.
This architectural approach allows the group to maximize damage across diverse infrastructure environments, from traditional servers to virtualized ecosystems.
According to Talos incident response observations, Kraken’s infection chain begins with the exploitation of Server Message Block (SMB) vulnerabilities on internet-exposed servers. Once initial access is…

