    Hacking the Hacker: An Inside Look at the Karakurt Cyber Extortion Group

    By breaking into an attack server, security researchers have uncovered new details that show the connection between the Karakurt group and Conti ransomware.

    It’s not every day that you hear about the good guys hacking into cybercriminal servers, gaining access to credentials, and having a look around to see how things work on the inside. But that’s what security researchers at Arctic Wolf were able to do as part of a response to a Conti ransomware attack last year that was followed by a second attack using the same backdoor to gain entry. As you’d expect, the Conti attack left data encrypted. But the second attack was a pure data theft and extortion attack.

    The researchers were able to gain access to a Conti-owned ProtonMail account, credentials, and a Conti virtual private server, discovering over 20 TB of data. Additionally, Arctic Wolf uncovered some interesting findings connecting the two organizations:

    • Payments between cryptocurrency wallets managed by the two organizations
    • Several accounts of Conti victims also paying Karakurt at a later time

    The article is an interesting read, showing how Conti may be extending its business model to include regularly selling off access to Karakurt, which then attempts a data extortion attack.

    Conti is known for using phishing as the initial attack vector. And with the possibility of this double attack scenario, it becomes all the more critical that the Conti attack be stopped before it starts. Adding Security Awareness Training to your phishing prevention strategy engages employees to play a part in spotting and reporting any phishing emails that get past security solutions to the Inbox, lowering the risk of initial attack success.


    Free Phish Alert Button

    Do your users know what to do when they receive a phishing email? KnowBe4’s Phish Alert Button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user’s inbox to prevent future exposure. All with just one click! Phish Alert benefits: 

    Here’s how it works:

    • Reinforces your organization’s security culture
    • Users can report suspicious emails with just one click
    • Incident Response gets early phishing alerts from users, creating a network of “sensors”
    • Email is deleted from the user’s inbox to prevent future exposure
    • Easy deployment via MSI file for Outlook, G Suite deployment for Gmail (Chrome)

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/free-phish-alert-partner?partnerid=001a000001lWEoJAAW
