The Fallout Exploit has been distributing the GandCrab Ransomware for the past few weeks, but has now switched its payload to the Kraken Cryptor Ransomware.
Kraken Cryptor is a Ransomware as a Service (RaaS) that is actively being distributed by affiliates. As this is an affiliate system, we are seeing different bad actors distributing the ransomware using a variety of methods. For example, last month a Kraken affiliate compromised the Superantispyware.com site and was distributing the ransomware as a fake installer for the SuperAntiSpyware security program.
The affiliate behind the SuperAntiSpyware compromise told BleepingComputer via email that they had originally planned on replacing the original SuperAntiSpyware.exe file with the ransomware executable, but for some reason never did it.
Source: Bleeping Computer