Intel Name: Unleashing the Kraken ransomware group
Date of Scan: November 14, 2025
Impact: High
Summary: In August 2025, Kraken, a Russian-speaking ransomware group that emerged from the former HelloKitty cartel, conducted big-game hunting and double-extortion attacks. Cisco Talos observed the group exploiting SMB vulnerabilities for initial access, then using Cloudflared for persistence and SSHFS for pre-encryption data exfiltration. Kraken is cross-platform ransomware, with dedicated encryptors for Windows, Linux, and VMware ESXi, and uniquely benchmarks victim systems before encryption. The group also promoted a new underground forum, “The Last Haven Board,” intended to provide a secure communication hub for cybercriminals.