Karakurt attacks Regional Family Medicine
Incident Date:
July 30, 2023
Overview
Title
Karakurt attacks Regional Family Medicine
Victim
Regional Family Medicine
Attacker
Karakurt
Location
First Reported
July 30, 2023
The Karakurt Extortion Gang's Attack on Regional Family Medicine
The Karakurt extortion gang has attacked Regional Family Medicine. Regional Family Medicine is a healthcare provider headquartered in Mountain Home, Arkansas, USA. The Karakurt gang posted Regional Family Medicine to its data leak site on July 30 but provided no further information.
Karakurt's Operational Techniques
Karakurt actors have utilized diverse strategies, methods, and operational techniques, resulting in notable difficulties for defense and mitigation efforts. Notable observations indicate that Karakurt victims haven't disclosed instances of machine or file encryption. Instead, the actors associated with Karakurt have asserted the extraction of data and issued threats of either auctioning off or publicly releasing the obtained data, contingent upon receiving the stipulated ransom payment.
The ransom requests have been documented to span from $25,000 to $13,000,000 in Bitcoin, usually featuring payment deadlines scheduled within a week of initial communication with the targeted victim. Karakurt actors have typically supplied snapshots or duplicates of pilfered file catalogs as tangible evidence of data theft.
Interaction with Victims
In their interactions, they have engaged with victims' staff, business associates, and clients, employing emails and phone calls with an intimidating tone to coerce cooperation. These emails have enclosed purloined data, including details like social security numbers, financial accounts, confidential corporate emails, and sensitive business information tied to personnel or clients.
Following the ransom settlement, the Karakurt actors have typically offered some form of confirmation of file deletion and, on occasion, a succinct description outlining the initial breach method.
Karakurt's Online Presence
Until January 5, 2022, Karakurt maintained an online platform for leaks and auctions, accessible via https://karakurt[.]group. The domain and IP address hosting the website originally went offline in the spring of 2022. Presently, the website isn't accessible via the public internet, though indications suggest its presence within the depths of the deep and dark web.
As of May 2022, the platform contained multiple terabytes of purported victim data encompassing North America and Europe. Additionally, the site featured several "press releases" identifying non-compliant victims and guidelines for participation in the victim data "auctions."
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.