Karakurt Team hits North America and Europe with data theft and extortion

2022-06-03 16:49

A new joint Cybersecurity Advisory has been issued by the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, the Department of the Treasury and the Financial Crimes Enforcement Network to raise awareness and provide information about the Karakurt Data Extortion Group.

The Karakurt Data Extortion Group, also known as Karakurt Team and Karakurt Lair, is a threat actor threatening companies to publicly disclose internal stolen data unless they receive payment of a ransom, which ranges from $25,000 USD to $13,000,000 USD in Bitcoin, within a week.

In that case, the Karakurt team can work on monetizing the data theft instead of the data encryption.

The next move from Karakurt Team is to exfiltrate large amounts of data.

If the payment is done, Karakurt Team provides evidence of data deletion: screen recordings of files being deleted, deletion log file, or credentials to access a storage server, so the victim can delete the data themselves.

Finally, Karakurt Team sometimes exaggerates the degree of compromise to the victim, claiming volume theft bigger than the storage capacity or data theft that does not belong to the victim.

News URL

https://www.techrepublic.com/article/dealing-with-karakurt-team-data-theft-extortion/

#america #europe