The Kraken ransomware variant first assesses a target's system vulnerability before launching its attack. It then encrypts files without warning while stealing data quietly in the background. Hackers specifically target SQL databases, network shares, and local drives.
According to a TechRadar report published on November 19, 2025, the Kraken ransomware operates in a particularly devious manner. It begins by benchmarking the victim's system to evaluate how easily it can be hacked, allowing attackers to gauge the potential for successful infiltration.
Once the assessment is complete, the ransomware proceeds to encrypt everything on the system without any prior warning to the user. Simultaneously, it steals data silently in the background, evading immediate detection.
The attack actively targets key storage areas, including SQL databases, network shares, and local drives, making it a significant threat to organizational data integrity. This multi-stage approach highlights the evolving sophistication of ransomware tactics employed by hackers.