In March, after the hacker group Conti announced its loyalty to Vladimir Putin, a pro-Ukrainian informant created a Twitter account called 'Conti leaks' to expose the ransomware gang, which has turned out to be a nightmare for many of its victims, including Ireland's HSE, the Volkswagen Group and several cities, counties and school districts in the United States.

The Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, the National Security Agency and the United States Secret Service have reissued an alert about Conti ransomware. “The actors behind the Conti cyber threat remain active, and reported Conti ransomware attacks against the United States and international organizations have exceeded 1,000,” the warning said.

The warning was originally published in September 2021. It stated that more than 400 Conti ransomware attacks had targeted the theft of sensitive data. In typical Conti ransomware attacks, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment.

Who is Conti?

Conti began operating in late 2019 and runs the Conti.News data leak site. The group gains initial access through stolen RDP credentials or phishing emails with malicious attachments. Experts believe that Conti's attacks resemble the tactics seen in nation-state attacks. The group also relies on human-operated attacks rather than the increasingly popular automated intrusions.

The group is believed to be based in Russia's second city, Saint Petersburg. There is also speculation that the people behind Conti used to run another prominent ransomware cartel, Ryuk.

Like many modern extortion gangs, Conti offers a ransomware-as-a-service (RaaS) package, providing its malware to affiliates. The main team keeps 20-30% of the ransom payment, while the affiliates take the rest of the loot.

Source: https://cybernews.com/news/contis-ransomware-spree-victim-toll-rises-to-1000/

