Ransomware
Main article: Ransomware
2024: Former Conti members attack companies and have already collected $100 million in ransoms
Conti, once the largest ransomware group, has shut down, but its former members continue to attack hundreds of companies and have already collected $100 million in ransoms. This became known in May 2024.
2023
Kaspersky releases a decryptor for Conti-based ransomware
On March 16, 2023, Kaspersky Lab released a new decryption tool that helps victims of ransomware built from the leaked Conti source code recover their data.
Conti was one of the most active ransomware groups. The source code of the eponymous malware appeared on the Internet in March 2022 after an internal conflict triggered by the geopolitical crisis in Europe. The code was subsequently reused by other attackers to build ransomware variants, in particular Meow. That variant was distributed by an unknown group of cybercriminals and used to attack commercial companies and government agencies.
At the end of February 2023, Kaspersky Lab specialists discovered a new batch of Conti-related data on online forums. Analysis showed that it contained 258 private encryption keys, source code and, in some cases, precompiled decryptors for the Meow malware. One of the forums also carried a message that the group was ceasing its activities and was therefore publishing the information needed to decrypt its victims' files.
The private keys are stored in 257 folders (one of them contains two keys). 14 directories contain previously generated decryptors, and 34 folders carry the explicit names of companies and government agencies. After analyzing the published data, Kaspersky Lab specialists added decryption routines for the Meow malware to the latest build of the Rakhni Decryptor utility (1.40.0.00).
"If we assume that one folder corresponds to one victim, and that decryptors were generated for victims who paid the ransom, we can assume that 14 out of 257 victims transferred money to the attackers," Kaspersky Lab notes.[1]
The LockBit ransomware gang begins using ransomware based on the code of the notorious Conti malware
The LockBit ransomware gang has again begun using third-party ransomware in its attacks. This time the attackers used a program based on the leaked Conti source code. This became known on February 2, 2023.
2022
How the hacker group Conti works
On June 23, 2022, the Russian company Group-IB, specializing in information security, spoke about the activities of the hacker group Conti, which is engaged in the spread of ransomware virus.
According to Group-IB, Conti is a "criminal IT company" with its own human resources, research and development (R&D) and open source intelligence (OSINT) departments, as well as regular salary payments, a bonus system and vacation leave. The team works from 12:00 to 21:00 Moscow time, seven days a week; at the same time, the hackers do get holidays.
According to the report Group-IB released on June 23, 2022, data from 156 companies has been published on Conti's leak site since the beginning of 2022. In total, the list of its victims exceeds 850 organizations from various industries, as well as government agencies and even an entire country: the attack on Costa Rica that began in April led to a national state of emergency, the first precedent of that scale.
The five industries most often attacked by Conti are manufacturing (14%), real estate (11.1%), logistics (8.2%), professional services (7.1%) and trade (5.5%). Once inside a company's infrastructure, the attackers exfiltrate documents (most often to work out which organization they are dealing with) and search for files containing passwords, whether in plaintext or encrypted. Finally, having obtained all the necessary privileges and access to every device of interest, the hackers push the ransomware to all of those devices and launch it, Group-IB said.
The hackers attack organizations in many regions of the world while avoiding companies and organizations from Russia, Group-IB points out. Most often the group attacks companies and agencies in the United States (58.4% of all attacks), followed by Canada (7%), the United Kingdom (6.6%), Germany (5.8%), France (3.9%) and Italy (3.1%).[2]
Delta Electronics IT systems malfunction due to ransomware virus attack
At the end of January 2022, Delta Electronics was attacked by the Conti ransomware. Experts classify the malware as very dangerous because of the damage it can cause to infected devices: it encrypts files with algorithms that prevent them from being opened.
2020: Attacks on 16 healthcare and first-responder organizations in the United States
At the end of May 2021, the FBI reported that Conti ransomware operators had attacked the networks of at least 16 American healthcare and first-responder organizations over the preceding year.
Conti's activity accounts for at least 400 cyberattacks on organizations around the world, of which at least 290 were carried out in the United States, the FBI said.
According to the agency, Conti's ransom demands are tailored to each victim; among the most recent demands was a ransom of $25 million. The FBI urges victims to share information about the group's attacks so that it can prevent future attacks and identify the attackers.
Conti usually gains initial access to the victim's network through stolen credentials, exposed RDP or phishing campaigns.
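The two behaviours the page attributes to Conti, an initial RDP logon with stolen credentials and a subsequent sweep of file shares for password stores, are both visible in ordinary Windows Security telemetry. The following hunting script is an added example written for this page, not code from the FBI, Group-IB or Kaspersky; the event records are constructed, the field names are a simplified rendering of the 4624 (logon) and 5145 (share object access) events, the corporate address range 10.0.0.0/8 and the credential-file name pattern are assumptions, and the external address comes from the TEST-NET-3 documentation range.

```python
"""Hunt for Conti-style initial access plus credential-file hunting over
constructed Windows Security events (added example, not the page's own code).

Assumptions (not from the page): events are already parsed into dicts with
the fields used below; 10.0.0.0/8 is the corporate address space; files whose
names look like password stores (passwords.xlsx, creds.txt, *.kdbx, ...) are
treated as credential files.
"""
import ipaddress
import re
from collections import defaultdict

CORP_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: corporate space

# Assumption: what a credential store looks like by file name.
CRED_FILE_RE = re.compile(
    r"(pass(word)?s?|creds?|secrets?)\.(txt|xlsx?|docx?)$|\.kdbx$", re.I
)

# Constructed sample events; 203.0.113.5 is a documentation address.
EVENTS = [
    {"id": 4624, "logon_type": 10, "user": "CORP\\svc_backup",
     "src_ip": "10.20.3.7", "host": "DC01"},
    {"id": 4624, "logon_type": 10, "user": "CORP\\jsmith",
     "src_ip": "203.0.113.5", "host": "RDP-GW"},
    {"id": 4625, "logon_type": 10, "user": "CORP\\jsmith",
     "src_ip": "203.0.113.5", "host": "RDP-GW"},
    {"id": 5145, "user": "CORP\\jsmith", "host": "FS01",
     "share": "\\\\FS01\\IT", "path": "it\\passwords.xlsx"},
    {"id": 5145, "user": "CORP\\jsmith", "host": "FS01",
     "share": "\\\\FS01\\IT", "path": "it\\vault.kdbx"},
    {"id": 5145, "user": "CORP\\jsmith", "host": "FS01",
     "share": "\\\\FS01\\IT", "path": "it\\minutes.docx"},
    {"id": 5145, "user": "CORP\\alice", "host": "FS01",
     "share": "\\\\FS01\\HR", "path": "hr\\handbook.pdf"},
]


def is_external(ip):
    """True when the source address lies outside the assumed corporate ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in CORP_NETS)


def external_rdp_logons(events):
    """Successful 4624 logons of type 10 (RemoteInteractive, i.e. RDP)
    whose source address is not corporate: the stolen-credential/RDP entry."""
    return [e for e in events
            if e["id"] == 4624 and e.get("logon_type") == 10
            and is_external(e["src_ip"])]


def credential_file_access(events):
    """5145 share accesses whose target name looks like a password store,
    grouped by the account that touched them: the post-access password sweep."""
    hits = defaultdict(list)
    for e in events:
        if e["id"] == 5145 and CRED_FILE_RE.search(e["path"]):
            hits[e["user"]].append(e["path"])
    return dict(hits)


def correlate(events):
    """Accounts that both logged in over RDP from outside and then went
    looking for credential files; either alone is noisy, together they are
    the chain described for Conti."""
    rdp_users = {e["user"] for e in external_rdp_logons(events)}
    cred_users = credential_file_access(events)
    return sorted(u for u in rdp_users if u in cred_users)


if __name__ == "__main__":
    files = credential_file_access(EVENTS)
    for user in correlate(EVENTS):
        print(f"ALERT {user}: external RDP logon followed by access to {files[user]}")
```

The correlation deliberately ignores the failed 4625 logon and the backup account's internal RDP session: a single external RDP logon or a single open of a file called passwords.xlsx each happens legitimately, so the detection fires only when one account shows both halves of the chain. In production the allowlist and the file-name pattern would come from the environment rather than being hard-coded.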
The FBI report said:
If the victim does not respond to the ransom demand within two to eight days after the ransomware is deployed, Conti representatives often call the victim from single-use phone numbers. The attackers may also communicate with the victim via ProtonMail, and in some cases the attackers agree to reduce the ransom.
The FBI advises victims of ransomware attacks not to pay, because there is no guarantee that the hackers will hand over the decryption keys after payment, and every successful extortion only fuels further ransomware activity. The FBI also asks victims to be transparent with law enforcement when a ransomware incident occurs.
According to the incident response firm Coveware, Conti was the second most common ransomware family deployed by attackers, accounting for 10.2% of all ransomware attacks in the first quarter of 2021.[3]
Notes
- ↑ Kaspersky releases tool for decrypting Conti-based ransomware
- ↑ Group-IB spoke about the "criminal IT company" of ransomware with salaries and vacations
- ↑ FBI Identifies 16 Conti Ransomware Attacks on U.S. Healthcare