‘Karakurt’ Extortion Threat Emerges, But Says No to Ransomware


There is a new financially motivated threat group on the rise and for a change, it doesn’t appear to be interested in deploying ransomware or taking out high-profile targets.

Researchers from Accenture Security have been tracking a group that calls itself “Karakurt,” which means “black wolf” in Turkish and is the name of a venomous spider found in eastern Europe and Siberia.

Karakurt focuses on data exfiltration and subsequent extortion, allowing it to move quickly. In fact, since September, it has already hit more than 40 victims, 95 percent of which were in North America with the rest in Europe, researchers revealed in a report published Friday.

“The threat group is financially motivated, opportunistic in nature, and so far, appears to target smaller companies or corporate subsidiaries versus the alternative big-game hunting approach,” they wrote in the report.

Researchers said they expect that Karakurt will turn out to be a bit of a trendsetter and that in the future, other groups will move away from targeting massive corporations or critical-infrastructure providers with ransomware to adopt a similar exfiltration/extortion approach.

This is because it “enables faster attack execution and steers clear of intentionally disrupting business operations, yet still yields leverage in terms of data extortion,” Accenture’s Cyber Investigations, Forensics & Response (CIFR) team told Threatpost in an email.