Data extortion group

Security Agencies Issue Joint Alert on Karakurt Ransomware Group

U.S. security agencies have issued a joint cybersecurity alert on the Karakurt data extortion gang, a ransomware group that has caused “significant challenges for defense and mitigation.”

The FBI, Cybersecurity and Infrastructure Security Agency, Department of the Treasury and Financial Crimes Enforcement Network said the group has demanded as much as $13 million in bitcoin as ransom.

Based on known cases, Karakurt’s targets belong to different industries and sectors, CISA said Thursday.

The group’s attack vectors include common vulnerabilities and exposures, phishing and spear phishing attacks, stolen credentials and the Log4j vulnerability that drew the cybersecurity community’s attention in late 2021.

According to threatening emails received by victims, Karakurt steals information such as social security numbers, payment accounts, private emails and business data.

If the victim gives in to the demand, the hackers show alleged proof that they have deleted the stolen files, such as by sending screenshots of file trees or actual copies of the files.

Security researchers have said that there might be a connection between Karakurt and the larger Conti ransomware group, Bleeping Computer reported in April. Karakurt has been active since at least June 2021 and affected more than 40 organizations between September and November 2021 alone.

CISA recommended that organizations create data recovery plans for sensitive data, implement network segmentation, update their systems whenever possible, disable hyperlinks in incoming emails, enforce multi-factor authentication and other mitigation steps.

The agency also directed organizations to the Mitre Att&ck framework, which lists the known behaviors and attack patterns of Karakurt.