Kryptina Ransomware Resurfaces in Enterprise Attacks By Mallox


A once-overlooked ransomware tool has resurfaced in enterprise attacks under the guise of a more advanced strain, according to research presented by SentinelLabs at LABScon 2024.

Kryptina, a Ransomware-as-a-Service (RaaS) tool initially available for free on dark web forums, has been adopted by affiliates of the Mallox ransomware group, a well-known player in enterprise cyber-attacks.

The Kryptina platform, first released in December 2023, failed to gain traction among cybercriminals. However, in May 2024, a Mallox affiliate leaked server data, revealing the use of a modified version of Kryptina to power Linux-based ransomware attacks.

This version, referred to as “Mallox v1.0,” retains the core functionality of Kryptina while stripping its branding, signaling the commoditization of ransomware tools in the cybercrime market.

Key findings from the SentinelLabs research include:

  • The Kryptina-derived Mallox variant uses AES-256 encryption with minor changes to the original code

  • The Mallox affiliate updated Kryptina’s source code and documentation, translating it into Russian and adjusting branding but leaving encryption routines largely intact

  • The leaked data also contained configurations for various Mallox campaigns, targeting at least 14 victims

This development highlights a broader trend in the ransomware landscape, where previously abandoned or unsellable tools are repurposed by more sophisticated actors.


“The Kryptina-derived variants of Mallox are affiliate-specific and separate from other Linux variants of Mallox that have since emerged, an indication of how the ransomware landscape has evolved into a complex menagerie of cross-pollinated toolsets and non-linear codebases,” SentinelLabs explained.

The security firm added that the introduction of various codebases by individual affiliates complicates the situation, making it more challenging to track these tools and comprehend the extent of their usage and adoption.

“Looking forward, we expect to see more outlier platforms like Kryptina being absorbed into the TTPs leveraged by more advanced threat actors.”
