LABScon24 Replay | Kryptina RaaS: From Unsellable Cast-off to Enterprise Ransomware
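Kryptina RaaS is a Linux-focused ransomware-as-a-service (RaaS) platform that first appeared as an unsellable giveaway. A recent leak from the staging server of a Mallox ransomware-affiliated actor revealed how Kryptina has been adapted for enterprise attacks. In the talk, Jim Walter analyzes the platform's recent developments, its appeal to threat actors, and the potential impact on victims, and walks through the contents of the May 2024 Mallox leak and the improvements made to the Kryptina platform.

2025-3-26 13:0:16 Author: www.sentinelone.com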

Kryptina RaaS is a Linux-focused RaaS platform & service that started life as an unsellable giveaway. However, large-scale ransomware operations are now adopting the platform to extend their reach into Linux and cloud environments.

In this talk, Jim Walter reveals how a recent leak from a Mallox ransomware-affiliated actor’s staging server provided insight into how Kryptina has been adapted for use in enterprise attacks.

The presentation focuses on recent developments and provides an understanding of why threat actors are attracted to the Kryptina platform, and what this means in the context of victims and targeting.

Jim also dissects what was included in the May 2024 Mallox leak, along with the improvements and modifications that threat actors have made to the Kryptina platform.

About the Author

Jim Walter is a Senior Threat Researcher at SentinelOne focusing on evolving trends, actors, and tactics within the thriving ecosystem of cybercrime and crimeware. He specializes in the discovery and analysis of emerging cybercrime “services” and evolving communication channels leveraged by mid-level criminal organizations.

About LABScon

This presentation was featured live at LABScon 2024, an immersive 3-day conference bringing together the world’s top cybersecurity minds, hosted by SentinelOne’s research arm, SentinelLABS.



Source: https://www.sentinelone.com/labs/labscon24-replay-kryptina-raas-from-unsellable-cast-off-to-enterprise-ransomware/