A new report by Tetra Defense, an Arctic Wolf company, in partnership with Chainalysis and Northwave, assessed that the Karakurt extortion group is operationally linked to both the Conti and Diavol ransomware groups, debunking Conti’s earlier pledge to victims that ransom payments would protect them from future attacks. Through digital forensics and blockchain analytics, researchers identified significant overlaps between Karakurt intrusions and Conti re-extortions.
While Karakurt attacks can vary with respect to tools, some notable similarities began to emerge between some Karakurt intrusions and the earlier suspected Conti-related re-extortion, including the use of the same tools for exfiltration, a unique adversary choice to create and leave behind a file listing of exfiltrated data named “file-tree.txt” in the victim’s environment, and the repeated use of the same attacker hostname when remotely accessing victims’ networks.
Furthermore, researchers found examples of cryptocurrency moving between Karakurt and Conti wallets; some Karakurt victim payment addresses are actually hosted in the same wallets as Conti victim payment addresses. In one incident, Karakurt acknowledged and “warned” a victim that another attacker (Conti) was present in the network. After a brief back and forth, Conti took over the negotiations, leveraging the data that Karakurt had stolen.
These clear connections between Karakurt and Conti, as well as Diavol and Conti, add to the larger picture of Conti that Arctic Wolf has been able to paint over the last couple of months, following the Jabber leaks in February 2022. The biggest takeaway for victims is that any connection between the groups diminishes the value of Conti’s “promise” to victims that they will not be attacked again, should they pay the ransom. If Karakurt and Diavol are acting as subsidiaries or partners of Conti, accessing victims that have already paid Conti, the incentive to pay only decreases, since there is a non-zero chance a company may be re-victimized by one of Conti’s associates.
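The two host-level overlaps described above (a leftover “file-tree.txt” listing and a remote-access hostname that recurs across victims) can be checked for during incident review. The sketch below is an added example, not code from the report: the event record layout, case names, and hostnames are constructed for illustration, and the report's actual attacker hostname is not given on this page, so a placeholder is used.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

LISTING_NAME = "file-tree.txt"  # file name stated in the article

def hunt(events, known_hosts):
    """Return (listing_hits, shared_sources) from per-case event records.

    listing_hits: (case, host, path) for every created file named file-tree.txt.
    shared_sources: remote workstation names that are absent from a case's
    asset inventory and appear in more than one case.
    """
    listing_hits = []
    cases_by_source = defaultdict(set)
    for ev in events:
        if ev["type"] == "file_create":
            # Compare the base name case-insensitively (Windows paths).
            if PureWindowsPath(ev["path"]).name.lower() == LISTING_NAME:
                listing_hits.append((ev["case"], ev["host"], ev["path"]))
        elif ev["type"] == "remote_logon":
            src = ev["workstation"].strip().upper()
            if src and src not in known_hosts.get(ev["case"], set()):
                cases_by_source[src].add(ev["case"])
    shared = {s: sorted(c) for s, c in cases_by_source.items() if len(c) > 1}
    return listing_hits, shared

# Constructed sample data; field names are assumptions for this example.
SAMPLE_EVENTS = [
    {"case": "case-A", "type": "file_create", "host": "FS01",
     "path": r"C:\Users\Public\file-tree.txt"},
    {"case": "case-A", "type": "remote_logon", "host": "FS01",
     "workstation": "PLACEHOLDER-HOST"},
    {"case": "case-A", "type": "remote_logon", "host": "FS01",
     "workstation": "hr-laptop-07"},
    {"case": "case-B", "type": "remote_logon", "host": "DC02",
     "workstation": "placeholder-host "},
    {"case": "case-B", "type": "file_create", "host": "DC02",
     "path": r"D:\Shares\Finance\File-Tree.TXT"},
    {"case": "case-B", "type": "file_create", "host": "DC02",
     "path": r"D:\Shares\Finance\budget.xlsx"},
    {"case": "case-B", "type": "remote_logon", "host": "DC02",
     "workstation": "DESKTOP-UNKNOWN1"},
]
KNOWN_HOSTS = {"case-A": {"HR-LAPTOP-07"}, "case-B": {"FIN-PC-03"}}

if __name__ == "__main__":
    hits, shared = hunt(SAMPLE_EVENTS, KNOWN_HOSTS)
    print(hits)
    print(shared)
```

A hostname seen in only one case stays out of the shared set; it may still merit review, but it does not by itself indicate the cross-victim reuse the report describes.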
Read the full report by Arctic Wolf.