Hacking the Hacker: An Inside Look at the Karakurt Cyber Extortion Group

By breaking into an attack server, security researchers have uncovered new details that show the connection between the Karakurt group and Conti ransomware.

It’s not every day that you hear about the good guys hacking into cybercriminal servers, gaining access to credentials, and having a look around to see how things work on the inside. But that’s what security researchers at Arctic Wolf were able to do as part of a response to a Conti ransomware attack last year that was followed by a second attack using the same backdoor to gain entry. As you’d expect, the Conti attack left data encrypted. But the second attack was a pure data theft and extortion attack.

The researchers were able to gain access to a Conti-owned ProtonMail account, credentials, and a Conti virtual private server, discovering over 20 TB of data. Additionally, Arctic Wolf uncovered some interesting findings connecting the two organizations:

  • Payments between cryptocurrency wallets managed by the two organizations
  • Several accounts of Conti victims also paying Karakurt at a later time

The article is an interesting read, showing how Conti may be extending their business model to include regularly selling off access to Karakurt to attempt a data extortion attack.

Conti is known for using phishing as the initial attack vector. And with the possibility of this double attack scenario, it becomes all that much more critical that the Conti attack be stopped before it starts. Adding Security Awareness Training to your phishing prevention strategy engages the employee to play a part in spotting and reporting any phishing emails that get past security solutions to the Inbox, lowering the risk of initial attack success.

Free Phish Alert Button

Do your users know what to do when they receive a phishing email? KnowBe4's Phish Alert Button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click! Phish Alert benefits: 

Here's how it works:

  • Reinforces your organization’s security culture
  • Users can report suspicious emails with just one click
  • Incident Response gets early phishing alerts from users, creating a network of “sensors”
  • Email is deleted from the user's inbox to prevent future exposure
  • Easy deployment via MSI file for Outlook, Google Workspace deployment for Gmail (Chrome) and manifest install for Microsoft 365

Topics: Phishing, Ransomware
