Karakurt Ensnares Conti, Diavol Ransomware Groups in Its Web
2022-04-15 17:34

"Whether Karakurt is an elaborate side hustle by Conti and Diavol operatives or whether this is an enterprise sanctioned by the overall organization remains to be seen," researchers said.

Tetra Defense initially discovered the link between Karakurt and Conti through a client who claimed to have been hit with another extortion attempt after already falling victim to Conti and paying the ransom demand.

On the technological side, researchers observed similarities between Karakurt and Conti by creating a dataset of Karakurt intrusions, of which they've already observed more than a dozen, they said.

In their analysis, researchers quickly observed Karakurt wallets sending significant amounts of cryptocurrency to Conti wallets. In one instance, for example, Karakurt's extortion wallet moved 11.36 Bitcoin, or about $472,000 at the time of transfer, to a Conti wallet, they said.

Chainalysis also discovered shared wallet hosting between both Conti and Karakurt victim payment addresses, leaving "virtually no doubt that Conti and Karakurt are deployed by the same individual or group," researchers noted.

Blockchain analysis also confirmed Diavol's connection to Karakurt and Conti, showing that Diavol and Karakurt extortion addresses are being hosted by the Conti wallet, they said.


News URL

https://threatpost.com/karakurt-conti-diavol-ransomware/179317/