If you’ve ever assumed cybercriminals launch an attack and hope for the best, think again. The newest twist in the Kraken ransomware campaign shows attackers are now “testing the waters” before they go all in.
Cisco Talos researchers just exposed malware that runs a secret “ransomware benchmark” before encrypting files for real. Imagine a burglar walking into your office, timing how fast he can empty your filing cabinets before anyone notices. That’s essentially what this malware does, and the results of the hackers’ “test” could determine how much of your business data gets scrambled and how long your operations stay down.
The New Move: Ransomware That Tests Your System First
Ransomware performance benchmarking lets the attackers use a system-capacity exploitation tactic to determine how aggressively they can encrypt your data without raising alarms. When Kraken infects a machine, it doesn’t just immediately cause chaos. Instead, it quietly creates a random junk file, encrypts it as fast as it can, clocks the speed, then deletes the evidence.
If your system is fast, Kraken may resort to a full-encryption attack, locking down as much data as possible. If your system appears slower, the malware may switch to adaptive encryption ransomware tactics or a partial-encryption method that corrupts files just enough to break them without significantly impacting system performance so much that someone notices.
This lets the attackers personalize their destruction. And because partial encryption places less strain on CPUs and storage, the malware can remain hidden longer, allowing a stealthy ransomware attack to unfold undetected.
Older ransomware strains revealed themselves with fans spinning like jet engines, 100% CPU usage, and alerts. Kraken benchmarking malware exploits system capacity, so the crooks stay under the radar longer and dramatically increase their success rate.
Staying Ahead of Ransomware Benchmark Attacks
This new Kraken benchmarking malware trick is a problem for every business, not just massive enterprises. If your defenses rely solely on noticing out-of-place system behavior, Kraken is playing a whole new game.
Benchmarking helps keep suspicious CPU spikes to a minimum, reducing the risk of early detection. It also increases the odds of a successful attack by enabling hackers to make data-driven decisions. Recovery is more challenging, too, because even partial encryption can corrupt critical files your business depends on.
How can you stay ahead of this new threat?
- Enable behavioral detection to flag suspicious “test file” activity. Most next-gen endpoint tools already watch for sudden bursts of encryption on random files.
- Limit local admin rights. Kraken needs elevated privileges to run its benchmark cleanly.
- Patch everything and keep ransomware-specific blocks up to date.
- Implement network segmentation, so one compromised device doesn’t take down the entire business.
- Maintain offline, immutable backups that ransomware can’t reach or encrypt.
Don’t Let Your Business Become a Benchmark
Ransomware is getting faster and smarter. The days of “noisy” ransomware that announced itself with fireworks are fading. Modern stealthy ransomware benchmark attacks like Kraken are patient, smart, and terrifyingly efficient.
Your network is being measured the moment it gets infected. The only winning move is to make sure it never gets the chance.
