
A ransomware gang known as “Karakurt” is targeting the McAlester Regional Health Center in Oklahoma and has apparently stolen over 126 GB of data, including DNA patient records that will be auctioned off.

According to Cybernews, the gang plans to publish samples and then auction off 117 GB of the hospital’s sensitive information on Monday, August 1st.

The group posted a statement on its dark leak site, under a section titled “Pre-Release”: “Those are companies that refused negotiations and are going to be auctioned soon.” The group claims that the data includes at least 40GB of genetic DNA patient records.

Karakurt is also threatening to publish a smaller amount of sensitive data that was allegedly stolen from the Regional Family Medicine primary care group of Arkansas, including over 5GB of SQL data on the medical staff, such as social security numbers, medical reports, bank statements, invoices, and other confidential documents.

But why are these DNA records so important?

According to a DNA theft report by Nature Reviews Genetics, DNA records or other stolen genetic materials can be used for blackmail or for profit, for example through fake paternity results or by revealing predispositions to disease and existing medical conditions, which can affect employment prospects and insurance premiums and even lead to social stigma.

Who is Karakurt?

The Karakurt Data Extortion Group was discovered in June 2022 by the US Cybersecurity and Infrastructure Security Agency (CISA) and is believed to be an offshoot of the Russian-affiliated group “Conti”, which is known for its double extortion tactics and aggressive nature.

The group does not seem to target any specific industry. According to Cybernews, it mainly gets access to victims by buying stolen login credentials, or access to already compromised victims, through third-party broker networks.

Strangely, unlike other ransomware gangs, the group doesn’t usually encrypt compromised data after it claims to have stolen it. Furthermore, Karakurt is known for harassing its victims both with emails and phone calls.

According to CISA, the group’s ransom demands can range from $25K to $13M in Bitcoin, and payment deadlines are typically set to expire within a week of first contact with the victim.