Report: Karakurt attacks linked to Conti and Diavol ransomware groups



A new report in partnership with Tetra Defense, Arctic Wolf Company, and Northwave assesses that the Karakurt extortion group is working closely with both the Conti and Diavol ransomware groups, which calls into question the pledges these groups previously made to victims about future attacks. Through digital forensics and blockchain analytics, the researchers identified a significant overlap between Karakurt intrusions and Conti activity.

While Karakurt attacks may vary in terms of tooling, significant similarities emerge between some Karakurt intrusions and earlier suspected Conti-related extortion. These include the use of the same tools for exfiltration, a distinctive adversary choice to create and leave behind a file listing of the exfiltrated data named “file-tree.txt” in the victim’s environment, and repeated use of the same attacker hostname when remotely accessing victims’ networks.

In addition, researchers found examples of cryptocurrency moving between Karakurt and Conti wallets; some Karakurt victim payment addresses are actually hosted in the same wallet as Conti victim payment addresses. In one incident, Karakurt admitted and “warned” the victim that another attacker (Conti) was present in the network. Shortly afterwards, Conti took over the negotiations, taking advantage of the data that Karakurt had stolen.

Map of Karakurt victim locations.  There were 55 attacks in the US, eight in Canada and seven in the UK.

These clear connections between Karakurt and Conti, as well as between Diavol and Conti, add to the larger picture of Conti that Arctic Wolf has been able to paint over the past few months following a massive leak in February 2022. What is the biggest drawback for victims? Paying the ransom does not at all ensure that they will not be attacked again. If Karakurt and Diavol are acting as Conti’s subsidiaries or partners, accessing victims who have already paid Conti, the incentive to pay only decreases, as there is no guarantee that the company will not be re-victimized by one of Conti’s affiliates.

Read the full report by Arctic Wolf.
