Joint Federal Advisory on Karakurt Data Extortion Group Technical Details

Context: On June 1, 2022, the United States Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Treasury Department, and the Financial Crimes Enforcement Network released a joint advisory with technical details and indicators of compromise for the Karakurt data extortion group. Karakurt is an advanced persistent threat (APT) group focused…


Conti Ransomware Shuts Down Operation, Splinters into Smaller Groups

Summary: The notable ransomware gang known as Conti has, according to security firm Advanced Intel (AdvIntel), taken its infrastructure offline and shut down its ransomware operations. While the public-facing ‘Conti News’ data leak and ransom negotiation sites are still online, the Tor admin panels used by Conti members to perform negotiations, publish news, and generate…


Ransomware Recovery: How to Restore Your Data from Backup

According to Fortinet’s 2021 Global Threat Landscape Report, 94% of organizations say they are concerned about a ransomware attack. The thing they’re most concerned about? 62% said the risk of losing data. Attackers know this; that’s why ransomware attacks are even attempted in the first place. Threat actors understand that data is valuable, and companies…


Preventing Ransomware Attacks with Threat Intelligence Sharing

https://youtu.be/bgAbz3PQBAs

In the last few years, ransomware planning has become a priority for cyber teams, with 85% of organizations in Fortinet’s 2021 Global Threat Landscape Report reporting ransomware as their biggest security concern. Similarly, ransomware resilience planning topped the list of CISO initiatives for 2022 in RH-ISAC’s recent Benchmark Report. Ransomware resilience planning tends to…


How Botnets are Used in Ransomware Attacks

A botnet is a network of devices that have been infected with malware, allowing a threat actor to control them. However, instead of completely taking over the devices, the individual orchestrating the attack, known as the bot herder, will use a portion of the computer’s bandwidth to run an activity in the background without the…
