How to Mitigate the Risk of Karakurt Data Extortion Group's Tactics, Techniques, and Procedures

The group has become the new face of ransomware, taking advantage of vulnerabilities and poor encryption.

Scott Bledsoe, CEO, Theon Technology

July 20, 2022


The Federal Bureau of Investigation (FBI), the Department of Treasury, and the Financial Crimes Enforcement Network (FinCEN) recently released a joint Cybersecurity Advisory (CSA) focusing on the Karakurt data extortion group, an emerging organization known for stealing company data and demanding ransom to avoid public exposure. The group has become the new face of ransomware, taking advantage of vulnerabilities and poor encryption.

So, what does this mean for businesses, both small and large?

Karakurt actors have long engaged in a range of tactics, techniques, and procedures (TTPs) that create considerable challenges for defense and mitigation. While Karakurt's targets have not reported their data and files as compromised, they have reported ransom demands ranging from $25,000 to $13 million in Bitcoin.

The Move Toward Data Decryption

Karakurt is the new face of ransomware, taking advantage of poor encryption. Historically, ransomware did not care about the encryption used to protect the data because it did not decrypt the original data. Instead, it took existing encrypted data and made it unusable to the victim. Eventually, organizations began conducting proper backups and therefore stopped paying the ransom requested. As a result, ransomware entities have upped their game and are beginning to decrypt data.

Why is it so easy for these criminals to decrypt data? The answer is the use of a single key to encrypt all records, combined with storing that key in an unprotected environment. All an attacker has to do is find the key, and they will have access to all of an organization's data.

How can organizations mitigate this risk? One solution is the one-time pad (OTP), which is used to keep classified data safe and can be adopted readily. A big advantage of OTPs is that not only are they extremely secure, they are also easy for organizations to integrate into their wider authentication strategies.

OTP and Beyond

OTPs may have been born before digital computing, but they continue to represent an unbeatable cryptographic standard. An OTP is a system in which a randomly generated private key is used, which significantly helps prevent breaches. The key is employed only once to securely encrypt the data, and the recipient decrypts it using the corresponding one-time pad and key. Even if an attacker or criminal group like Karakurt were to obtain a valid set of login credentials, it would be unable to breach the system.
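The two points above, a single key reused for every record versus a fresh pad used exactly once per record, as an added illustration in Python (not code from the article or from Theon Technology; the record set is constructed, and the helper names are assumptions):

```python
import secrets
from typing import Dict, Set, Tuple

# Constructed sample records; "r1" is deliberately the shortest (see exposed_by_leak).
SAMPLE_RECORDS: Dict[str, bytes] = {
    "r1": b"acct=1001",
    "r2": b"acct=1002;ssn=***-**-4321",
    "r3": b"acct=1003;card=****5678",
}


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """XOR the message with a pad of exactly the same length.
    Decryption is the identical operation, so otp_decrypt is an alias."""
    if len(pad) != len(plaintext):
        raise ValueError("one-time pad must be exactly as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, pad))


otp_decrypt = otp_encrypt


def shared_key_scheme(records: Dict[str, bytes]) -> Tuple[Dict[str, bytes], Dict[str, bytes], bytes]:
    """The anti-pattern the article describes: one key reused for every record.
    Each record is XORed with a prefix of the same key, so it is not a one-time pad."""
    key = secrets.token_bytes(max(len(d) for d in records.values()))
    pads = {rid: key[: len(d)] for rid, d in records.items()}
    ciphertexts = {rid: otp_encrypt(d, pads[rid]) for rid, d in records.items()}
    return ciphertexts, pads, key


def per_record_scheme(records: Dict[str, bytes]) -> Tuple[Dict[str, bytes], Dict[str, bytes]]:
    """A true one-time pad: fresh random key material per record, never reused."""
    pads = {rid: secrets.token_bytes(len(d)) for rid, d in records.items()}
    ciphertexts = {rid: otp_encrypt(d, pads[rid]) for rid, d in records.items()}
    return ciphertexts, pads


def exposed_by_leak(pads: Dict[str, bytes], leaked_pad: bytes) -> Set[str]:
    """Blast radius: which records become readable if this one pad is exposed.
    A record is readable when its pad is a prefix of the leaked material."""
    return {rid for rid, p in pads.items() if leaked_pad[: len(p)] == p}


if __name__ == "__main__":
    _, shared_pads, shared_key = shared_key_scheme(SAMPLE_RECORDS)
    print("shared key leaked, readable:", sorted(exposed_by_leak(shared_pads, shared_key)))
    _, per_pads = per_record_scheme(SAMPLE_RECORDS)
    print("one pad leaked, readable:", sorted(exposed_by_leak(per_pads, per_pads["r1"])))
```

With the shared key every record is readable after one leak; with per-record pads only the record whose pad leaked is.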

Beyond OTP, and when examining Karakurt's TTPs, it is vital for organizations to review their current encryption policies and the technologies deployed, as well as to ensure there are no open vulnerabilities to be exploited. In addition, applying newer quantum-resistant approaches will mitigate potential short- and long-term harm. The time to take these proactive steps is now. Quantum computers can decipher cryptographic keys and create threats much like those Karakurt is known for.

Cybercriminals are becoming increasingly creative, and organizations must be prepared with measures that do the most to protect their most valuable asset: their data. It is time for organizations to take a look at the security measures currently in place and act accordingly. Once adequate measures are in place, the problem with cyberattacks becomes the ability to detect them, rather than worrying about containment and minimizing the damage.

About the Author(s)

Scott Bledsoe

CEO, Theon Technology

Scott Bledsoe has demonstrated a history of success leading organizations and teams in IT and IT services across business-to-business and business-to-consumer brands from startups to Fortune 500 organizations. Scott has deep experience in fundraising, strategy development and execution, team building, revenue and expense expectation management, business development, investor and board relations along with public offerings and acquisitions. Scott most recently was at Dell/EMC after selling Avamar to EMC.
