HHS Alerts Healthcare Workers on Karakurt Ransomware Group

Karakurt has been seen buying stolen login details of users who have already been hacked through third-party intrusion.
Healthcare providers are being warned of a new wave of cyberattacks from the Karakurt ransomware gang. The warning came months after CISA and the FBI disclosed operational technical data on the group, along with evidence of infiltration and mock ransom notes.

A dentistry practice, an assisted care facility, a supplier, and a hospital were all impacted by the attacks. The healthcare industry should continue to be on high alert and keep an eye out for any signs of compromise, experts assert. 

According to HC3, Karakurt's "massive cyberbullying efforts against victims to disgrace them are what is most alarming."

Karakurt has been seen buying stolen login details or acquiring access to users who have already been hacked through third-party intrusion broker networks in order to access victim machines.

Fortinet FortiGate SSL VPN appliances, Log4Shell, old Microsoft Windows Server instances, and outdated SonicWall SSL VPN appliances are just a few examples of the intrusion flaws the organization is known to use to get initial access.

HHS Alert 

According to a warning from the Department of Health and Human Services Cybersecurity Coordination Center (HC3), Karakurt first emerged in late 2021 and is likely connected to the Conti ransomware organization, either through a working relationship or as a side business.

Given that the Conti ransomware organization has successfully attacked more than 16 healthcare providers since early 2021, federal agencies have long issued warnings about the risk attached to the sector.

Similar to other ransomware groups, the Karakurt actors claim to have stolen data and threaten to sell it on the dark web or make it available to the general public if their demands are not met. The ransoms range from $25,000 to $13,000,000 in Bitcoin, and the deadlines are frequently set to expire just one week after the fraudsters make contact.

According to open-source reports, Karakurt threat actors typically conduct scanning, reconnaissance, and collection on their targets for roughly two months. The organization then attempts to acquire access to documents that include private data, including Social Security numbers, medical record numbers, medical history, and information about treatments. The gang retains the data and threatens its victims until they pay, as is customary with ransomware.

The recent Karakurt campaign against Methodist McKinney Hospital in early July provided evidence of this. The actors threatened to make the allegedly stolen material available, but Methodist McKinney instead alerted patients to the incident and the ongoing inquiry into the potential data theft.

