A cyber-criminal gang is stealing sensitive data from businesses and demanding a ransom payment in exchange for deleting the stolen information – and they’re harassing victim’s employees, business partners and clients in an effort to make extortion attempts as effective as possible.
A joint advisory by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) and other agencies warns that the Karakurt data-extortion group is trying to extort millions from victims across North America and Europe.
Known ransom demands have ranged from $25,000 to $13,000,000 in Bitcoin, with Karakurt setting a one-week deadline to pay before they publish the stolen information. The advisory doesn’t detail how many victims have paid the ransoms.
The gang offer what they claim to be proof of access to networks and stolen data using screenshots or copies of file directories. As part of the extortion campaign, ransom notes are sent to employees of the victim company, with threats to publish the stolen information, including employment records, health records, and financial business records.
But the Karakurt cyber criminals don’t just sit back and wait for a payment to come. According to the advisory, they engage in extensive harassment campaigns, sending emails and even making phone calls to employees, business partners, and clients with ‘warnings’ that the company needs to pay the ransom. It’s noted that Karakurt has been known to exaggerate how much data has been stolen.