The Karakurt data extortion group has targeted victims across North America and Europe, demanding a ransom of up to $13,000 (£7,500) for the return of stolen data.
This data extortion group has recently expanded its operations, adapting to the global market and targeting various industries in North America. It sends emails to its victims, choosing from a selection of warnings and statements. One example is an email sent with an attached file, which might read as follows:
"Dear Victim, Your data may be at risk."
Colleagues of one victim in Canada were contacted by the Karakurt group and told to pay 50% of the ransom or they would not get back any data. The Karakurt group also demanded Bitcoin from its victims (which can frequently double the amount requested), but so far only one case has been reported where this request was met.
The criminals start by researching their victims, visiting their social media accounts and reviewing emails. The Karakurt group has been known to do this on a large scale, targeting thousands of victims at one time.
The Karakurt group then creates a list of all the data it has taken, detailing the date that it was taken, the victim's IP address and a screenshot of it. The criminals then pack all of these details into an email and present this to the victim as proof that they hold all of the victim's data. Next come demands for ransom payments ranging from $350 (£213) to more than $13,000 (£7,500).
The Karakurt email is the first point of contact, and it will often give the victim options on how they wish to proceed with the extortion. Victims may say that they wish to make a payment, or that they wish to take legal action against the attackers. Some emails also include messages stating 'This is not a scam', showing that this gang is actually capable of carrying out its threats. The victim will be given further instructions on how to proceed, typically in an attached zip file along with screenshots of their files as proof. If victims decide to ignore these warnings, then their data will be deleted after a certain period of time has passed.