A new report by Tetra Defense, an Arctic Wolf company, in partnership with Chainalysis and Northwave, assessed that the Karakurt extortion group is operationally linked to both the Conti and Diavol ransomware groups, debunking Conti’s earlier pledge to victims that ransom payments would protect them from future attacks. Through digital forensics and blockchain analytics, researchers identified significant overlaps between Karakurt intrusions and Conti re-extortions.
While Karakurt attacks can vary with respect to tools, some notable similarities began to emerge between some Karakurt intrusions and the earlier suspected Conti-related re-extortion, including the use of the same tools for exfiltration and a unique adversary choice to create and leave behind a file listing of exfiltrated data named “file-tree.txt” in the victim’s environment, as well as the repeated use of the same attacker hostname when remotely accessing victims’ networks.
Moreover, researchers found examples of cryptocurrency moving between Karakurt and Conti wallets; some Karakurt victim payment addresses are actually co-hosted in the same wallets as Conti victim payment addresses. In one incident, Karakurt acknowledged and “warned” a victim that another attacker (Conti) was present in the network. After a brief back and forth, Conti took over the negotiations, leveraging the data that Karakurt had stolen.
These clear connections between Karakurt and Conti, as well as Diavol and Conti, add to the larger picture of Conti that Arctic Wolf has been able to paint over the last couple of months, following the Jabber leaks in February 2022. The biggest takeaway for victims is that any connection between the groups diminishes the value of Conti’s “promise” to victims that they will not be attacked again, should they pay the ransom. If Karakurt and Diavol are acting as subsidiaries or partners of Conti, accessing victims that have already paid Conti, the incentive to pay only decreases, since there is a non-zero chance a company may be re-victimized by one of Conti’s affiliates.
Read the full report by Arctic Wolf.