Karakurt revealed as data extortion arm of Conti cybercrime syndicate
After breaching servers managed by the cybercriminals, security researchers found a connection between Conti ransomware and the recently emerged Karakurt data extortion group, showing that the two gangs are part of the same operation.
In a recent report, Infinitum IT details that they were able to gain access to Conti's infrastructure when the Conti leaks started, on February 27, after logging into multiple ProtonMail and Mega storage accounts used by one Conti member.
"At the beginning of Conti leak on February 27, 2022, we are able to get inside multiple Protonmail and Mega Upload accounts used by one of the key members of Conti Ransomware group" - Infinitum IT.
Once inside the email accounts, the researchers observed incoming emails from the hosting provider Inferno Solutions, which allowed them to gain remote access to the VPS server's administration panel.
The analysis of the information on the storage server revealed that Conti had data with an older timestamp belonging to victims that have not been disclosed publicly.
BleepingComputer learned months ago from other security researchers that Karakurt is a side business of the Conti syndicate, set up to monetize failed encryption attacks.
Infinitum IT's report is the first public evidence showing that Conti ransomware and the Karakurt data extortion gang are part of the same financially-motivated group.