U.S. cybersecurity officials issue notice on Karakurt extortion group

Jun 2, 2022 | CYBERSCOOP

A trio of U.S. government agencies on Wednesday issued an advisory with technical details related to the Karakurt data extortion gang, warning that the group has “employed a variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation.”

Karakurt — also known as the Karakurt Team or Karakurt Lair — doesn’t destroy or encrypt victim files. Instead, the group steals data and threatens to publish it, with known ransom demands ranging between $25,000 and $13 million in bitcoin, according to the notice published jointly by the FBI, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Treasury Department and the Treasury Department-run Financial Crimes Enforcement Network.

Karakurt is part of the Conti ransomware group, multiple independent cybersecurity researchers reported in April.

Wednesday’s notice does not reference Conti, but notes that Karakurt has extorted victims previously attacked with other ransomware variants, or at the same time the victims were under attack by other actors.

Conti has made international headlines of late after attacking more than two dozen Costa Rican government agencies beginning April 17. Costa Rican President Rodrigo Chaves declared a national

Read More: https://www.cyberscoop.com/karakurt-extortion-cisa-advisory-conti-ransomware/