Jim Walter

Kryptina RaaS: From Unsellable Cast-off to Enterprise Ransomware

Kryptina RaaS (a Linux-focused ransomware-as-a-service platform and service) started life as an unsellable giveaway. However, large-scale ransomware operations are now adopting the platform to extend their reach into Linux and cloud environments. A recent leak from a Mallox-affiliated actor’s staging server has given us a great deal of insight into how Kryptina is being adapted for use in enterprise attacks. This presentation will focus heavily on the more recent developments and provide an understanding of why threat actors are attracted to the Kryptina platform, and what this means in the context of victims and targeting. We will also dissect what was included in the May 2024 Mallox leak and any improvements or modifications that current threat actors have made to the Kryptina platform.


Jim Walter is a Senior Threat Researcher at SentinelOne focusing on evolving trends, actors, and tactics within the thriving ecosystem of cybercrime and crimeware. He specializes in the discovery and analysis of emerging cybercrime “services” and evolving communication channels leveraged by mid-level criminal organizations. Jim joined SentinelOne following ~4 years at a security start-up, also focused on malware research and organized crime. Previously, he spent over 17 years at McAfee/Intel running their Threat Intelligence and Advanced Threat Research teams.
