Updated on 2022-10-27
Karakurt claimed credit for the September cyberattack on the Davenport School District, Iowa. The threat actor threatened to leak 845GB of student and district data. Read more: Hacker claims to have Davenport schools data, threatens release
In a security advisory published on Wednesday, CISA warned US organizations that are being extorted by the Karakurt gang that paying the ransom will not always stop the hackers from leaking or secretly selling their data. Three reports in April 2022 [1, 2, 3] described the Karakurt gang as a subgroup of the larger Conti ransomware cartel. Researchers said that data stolen by Conti affiliates in attacks where they failed to encrypt files is usually passed to the group for a classic “data extortion” scheme.