The Federal Bureau of Investigation (FBI), Department of Treasury, and Financial Crimes Enforcement Network (FinCEN) recently issued a joint cybersecurity advisory (CSA) focused on data extortion group Karakurt, an emerging organization known for steal corporate data and demand ransom to avoid public exposure. The group has become the new face of ransomware, taking advantage of vulnerabilities and poor encryption.
So what does this mean for businesses large and small?
Karakurt actors have long engaged in various tactics, techniques, and procedures (TTPs), which create considerable challenges for defense and mitigation. Although Karakurt’s targets did not report that their data and files were compromised, they did report falling victim to ransom demands ranging from $25,000 to $13 million in Bitcoin.
The movement towards data decryption
Karakurt is the new face of ransomware, taking advantage of poor encryption. Historically, ransomware did not care about the encryption used to protect data because it did not decrypt the original data. Instead, it took the existing encrypted data and made it unusable for the victim. Eventually, the organizations started taking proper backups and hence stopped paying the demanded ransom. As a result, ransomware entities have upped their game and are starting to decrypt data.
Why is it so easy for these criminals to crack the data? The answer is to use a single key to encrypt all records and store the key in an unprotected environment. All an attacker needs to do is find the key and they will have access to all of an organization’s data.
How can organizations mitigate this risk? One solution is OTP (single pad) as it is necessary to keep classified data safe and can be easily adopted. A big advantage of OTPs is not only that they are extremely secure, but they are incredibly easy for organizations to integrate into their broader authentication strategies.
OTP and beyond
OTPs may have predated digital computing, but they continue to represent an unbeatable cryptographic standard. OTPs include a system in which a private key is used by random generation and contributes significantly to preventing access breaches. The key is only used once in order to securely encrypt the data, and will be decrypted by the recipient using a matching one-time pad and key. Even if an attacker or a criminal group like Karakurt obtained a valid set of login credentials, they would be unable to breach the system.
Beyond the OTP, and when reviewing Karakurt’s TTPs, it is essential that organizations examine the encryption policies and technologies deployed, as well as to ensure that there are no open vulnerabilities to exploit. Additionally, the application of novel quantum-resistant approaches will mitigate potential short- and long-term damage. Now is the time to take these proactive steps. Quantum computers can crack cryptographic keys and create threats, much like Karakurt is known for.
Cybercriminals are getting more and more creative, and organizations need to be prepared with measures that will do the most to protect their most valuable asset: their data. It’s time for organizations to review the security measures currently in place and act accordingly. Once adequate measures are in place, the problem of cyberattacks will become the ability to detect attacks rather than worrying about controlling and minimizing damage.