Researchers have spotted the Karakurt ransomware group targeting healthcare providers worldwide. The alert came months after the FBI and CISA unveiled the technical details of how the group executes its attacks.
Reports show that the ransomware group has been targeting the US Healthcare and Public Health sectors since June. According to the federal law enforcement agency, at least four campaigns have affected an assisted living facility, healthcare provider, dental firm, and hospital during the first half of this year.
The Karakurt ransomware group prepares necessary details before executing its attacks.
The operators of the Karakurt ransomware group spend a couple of months conducting reconnaissance, scanning, and collecting targeted data before they execute their primary attacks.
After the ransomware operation, the attackers obtain access to files containing patient names, Social Security numbers, addresses, dates of birth, medical diagnoses, medical history, medical record numbers, health insurance information, and treatment data.
Recently, the group has also threatened one of its victimised organisations that it would release information unless the organisation paid a ransom.
The Karakurt ransomware group abuses some notable critical flaws to acquire initial access to its targets. These include compromised Remote Desktop Protocol, legacy VPN appliances from SonicWall and Fortinet, and the infamous Log4j flaw.
In some cases, the threat actors exploited unserviceable MS Windows Server instances to launch their malicious activities.
Last month, Karakurt changed its extortion strategy by deploying a searchable database where anyone can search for and shop specific details from previously targeted entities. Experts stated that the new tactic employed by the group overlaps with the one used by the BlackCat ransomware gang.
This is another milestone in the threat actors' multi-staged extortion scheme, which is meant to put more pressure on targets to pay the ransom. Furthermore, experts warned the business partners, clients, and employees of affected organisations that the group might harass them over phone calls and emails so their companies would pay the ransom sooner.
As of now, affected healthcare entities are advised to get a powerful cybersecurity solution or provider to mitigate the effects of such attacks. These organisations are also advised to be more aware of the recent threats that circulate in the cybercriminal world.