Authorities warn about the Karakurt group’s recent activity

June 11, 2022

The FBI, alongside CISA and other security agencies, recently published a joint threat advisory on the illegal activities of the Karakurt cybercriminal group. According to the advisory, the group has been attempting to extort millions of dollars from its victims in North America and Europe.

Moreover, the agencies’ joint statement suggests that victims should be wary of paying the ransom asked by the threat actors since there is no proof that the adversaries have already deleted or will delete the stolen files.

Researchers have spotted the group selling critical data and demanding a huge ransom from the victims since the start of their campaign.

Karakurt demands a hefty ransom in a short period.

Based on reports, the average ransom demanded by the Karakurt operators ranges from $25k to about $13 million in Bitcoin. Victims are put under pressure because the group gives them only a week to pay.

The group’s extortion routine is to send a ransom note to the employees of the victimised organisation, threatening to leak the stolen information if the ransom is not paid.

However, the group does not simply wait for the ransom to be paid. It runs harassment campaigns, calling the victim’s partners, clients, and employees to inform them that the company is under attack.

The twisted part is that the Karakurt group makes exaggerated claims about the amount of stolen data when warning the organisation’s partners, creating panic and pressure to get the ransom quickly.

The threat group does not encrypt the data but only steals it. It relies on the target’s concern to get the ransom paid.

The cybersecurity threat advisory indicated that in some cases, the Karakurt group targets businesses that have already been hit by ransomware attacks. The group might have purchased previously stolen data on the dark web or in data dumps.

The group also follows standard breaching tactics such as exploiting vulnerabilities, distributing phishing emails, abusing unpatched bugs in VPN software, and abusing outdated Windows OS.

Karakurt is currently exploiting critical flaws to target businesses with double-extortion tactics. However, companies can mitigate Karakurt’s attack by applying updates as soon as they are available, training employees, adopting network segmentation, and employing MFA.
