Conti Ransomware Attacks on the Rise, FBI, CISA, and NSA Warn
They Published a Joint Advisory with Mitigation Measures against Conti.
Conti ransomware attacks are on the rise, the FBI, CISA, and NSA warned yesterday. The number of attacks involving this ransomware has grown sharply in recent months, with US organizations among the main targets.
According to the joint advisory published by the three agencies,
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed the increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations.
This warning comes after the Federal Bureau of Investigation announced in May 2021 that Conti ransomware attacks had targeted more than a dozen organizations’ networks in the US healthcare sector.
Conti Ransomware Attacks: a Little Background
Conti is a well-known ransomware family, notorious for the attacks it has carried out. It is a private ransomware-as-a-service (RaaS) operation.
For background, here are some notable Conti incidents over time:
One major Conti attack took place a few months ago: on the 14th of May, Ireland’s Health Services announced that they had fallen victim to Conti ransomware, with the group demanding a ransom payment of up to $20 million.
On August 9 we released a security alert that also raised awareness of the increased threat posed by Conti ransomware, detailing that the group used BazarLoader, BazarCall, and TrickBot to infect machines and then move laterally across the compromised network. It was also interesting to note that its code shares similarities with Ryuk 2.0.
At the beginning of this month, we reported that Conti ransomware targeted Microsoft Exchange Servers by making use of the ProxyShell exploits: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. These exploits were used to deliver web shells and backdoors, and within just 4 hours the cybercriminals had obtained admin account credentials and were running commands on the compromised servers.
The listed facts and the recent warning released by the FBI, CISA, and NSA only show the persistent nature of Conti ransomware attacks.
The Growth of Conti Ransomware Attacks: What to Do?
In their recent advisory, the three agencies urged IT administrators to review their organizations’ network security posture and to put in place the measures described in the advisory, such as:
- the use of multi-factor authentication;
- network segmentation and traffic filtering;
- software updates and vulnerability scanning;
- the implementation of Endpoint Detection and Response (EDR) solutions;
- and many more mitigation measures explained there.
In typical Conti ransomware attacks, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment.