Karakurt data extortion group: CISA issues alert

In a joint Cybersecurity Advisory by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Treasury, and the Financial Crimes Enforcement Network (FinCEN), the four U.S. agencies warned businesses about the tactics, techniques, and procedures (TTPs) of the Karakurt data extortion group. Unlike ransomware groups, Karakurt does not encrypt data; it simply steals it. The group then threatens to auction the sensitive data if the victimized business does not pay the extortion fee. The alert says the fee typically ranges from $25,000 to $13,000,000 in Bitcoin.

“This is an interesting plot twist,” commented Avast Security Evangelist Luis Corrons. “Ransomware gangs started stealing data and using extortion to enforce payment when victims refused to pay as they had their own backups. Now this group has figured out that they can skip the encryption process altogether. They do not have to invest in ransomware, providing keys, etc. It has yet to be seen if this ‘business model’ will be more successful than the traditional ransomware one, where victims tend to lose access to all their data.” Karakurt typically gives the business a week to pay, and it piles on the pressure by harassing the company’s employees and clients with phone calls urging them to get the business to comply with the demands. For more, see ZDNet.

Europol takes down Flubot…maybe

This week, Europol announced that an operation involving authorities from 11 countries has succeeded in disrupting the fast-spreading Android mobile malware known as Flubot. The botnet spreads aggressively because it can access the contacts on whatever device it infects and send them phishing messages that continue its spread. Flubot has been known to steal passwords, online banking details, and other sensitive information. Dutch police say they managed to deactivate the malware strain, but the investigation is ongoing as Europol tries to identify the criminals behind it. While Flubot may be down for now, history has shown that botnets are exceedingly difficult to eradicate completely. For more, see Cyberscoop.

Free unofficial patch released for Windows…