Several U.S. federal agencies warned organizations today against paying ransom demands made by the Karakurt gang since that will not prevent their stolen data from being sold to others.
Karakurt, the
data extortion arm of the Conti ransomware gang and cybercrime syndicate, is focused on
stealing data from companies since at least June 2021 and forcing them into paying ransoms under the threat of publishing the information online.
Within just two months, between September and November 2021, more than 40 organizations have fallen victim to Karakurt hacking attempts.
After stealing their victims' data, Karakurt demands ransoms ranging from $25,000 to $13 million worth of Bitcoin that must be paid within a week.
The extortion gang is pressing victims into paying the data extortion ransom by harassing their business partners, clients, and employees via email and phone calls prodding them to ask for negotiations to prevent data leaks.
"Although Karakurt's primary extortion leverage is a promise to delete stolen data and keep the incident confidential, some victims reported Karakurt actors did not maintain the confidentiality of victim information after a ransom was paid," the FBI, CISA, U.S. Department of Treasury, and FinCEN said in a
joint advisory.
"The U.S. government strongly discourages the payment of any ransom to Karakurt threat actors, or any cyber criminals promising to delete stolen files in exchange for payments."