
Conti ransomware attacks are expanding, the FBI, CISA, and NSA warned yesterday in a joint advisory. The number of attacks attributed to this ransomware family has grown sharply in recent months, with US organizations among its main targets.

According to the joint advisory published by the three agencies,

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed the increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations.


The warning follows the FBI's May 2021 alert that Conti ransomware had targeted the networks of more than a dozen organizations in the US healthcare sector.

Conti Ransomware Attacks: a Little Background

Conti is one of the most active ransomware families and is run as a private ransomware-as-a-service (RaaS) operation.

Some of the notable Conti incidents from the past months:

In May, Ireland's Health Service Executive (HSE) announced on 14 May that it had been hit by Conti ransomware; the group demanded a ransom of up to $20 million.

On August 9 we released a security alert raising awareness of the growing threat from Conti, detailing how the group used BazarLoader, BazarCall, and TrickBot to infect machines and then move laterally across the compromised network. We also noted that Conti's code shares similarities with Ryuk 2.0.

At the beginning of this month, we reported that Conti operators targeted Microsoft Exchange servers using the ProxyShell exploit chain (CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207). The exploits were used to drop web shells and backdoors, and within about four hours the attackers had obtained administrator account credentials and were running commands on the compromised network.

These incidents, together with the new joint advisory from the FBI, CISA, and NSA, show how persistent the Conti operation has been.

The Growth of Conti Ransomware Attacks: What to Do?

In the advisory, the three agencies urge IT administrators to review their organization's network security posture and implement the mitigations it recommends. The advisory summarizes the typical attack pattern as follows:

In typical Conti ransomware attacks, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment.

