"US Warns Organizations of 'Karakurt' Cyber Extortion Group"
Several government agencies in the United States have issued a joint cybersecurity alert to warn organizations about a data extortion group named “Karakurt.” Karakurt is also known as the Karakurt Team and Karakurt Liar. The agencies stated that the group does not rely on malware to encrypt victims’ files. Instead, the group relies on exfiltrating data and threatening to sell it or release it publicly if a ransom is not paid within a specific timeframe. The agencies noted that typically, the Karakurt hackers give their victims one week to make the payment, with ransom demands ranging between $25,000 and $13 million in Bitcoin. When contacting the victim, the Karakurt actors provide screenshots or copies of stolen files to prove the intrusion. The agencies noted that once the ransom has been paid, the attackers also provide some sort of proof that files have been deleted and may also share details on how the initial intrusion occurred. The group has also been observed harassing victims’ employees, business partners, and clients in an attempt to pressure the company into making the payment. The agencies noted that the attackers often would share samples of stolen data, mainly personally identifiable information (PII), such as Social Security numbers, employment records, health records, private emails, payment accounts, and sensitive business files. Some victims, however, reported that the attackers “did not maintain the confidentiality of victim information” even if the ransom was paid. Before January 2022, the Karakurt group operated a leaks and auction website, but the domain went offline in spring 2022 after reportedly being relocated to the dark web. The agencies stated that as of May 2022, the website contained several terabytes of data purported to belong to victims across North America and Europe, along with several ‘press releases’ naming victims who had not paid or cooperated and instructions for participating in victim data auctions.
SecurityWeek reports: "US Warns Organizations of 'Karakurt' Cyber Extortion Group"