The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on June 1 warning about the Karakurt Data Extortion Group, which has been conducting online financial extortion through cyberattacks.
CISA warned about a variety of the group’s tactics, but said one of the attacks most often used involves stealing large quantities of data from businesses, and then threatening to auction off the data unless a ransom is paid.
The group’s ransom demands, CISA said, have ranged from as little as $25,000 to as high as $13 million, with payment demanded in bitcoin.
CISA provided a series of steps that organizations can take to mitigate those kinds of attacks, including:
- Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location;
- Implement network segmentation and maintain offline backups of data to ensure limited interruption to the organization;
- Regularly back up data and password-protect backup copies offline. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides; and
- Install and regularly update antivirus software on all hosts and enable real-time detection.
CISA, along with other Federal agencies, is actively pursuing the extortion group and has already taken down some of the group’s online auction websites.