Andy Ful
All About Conti
After REvil dissolved following the Kaseya VSA supply-chain attack in July 2021, the next most prolific ransomware group in 2022 is Conti.
Conti has been in the news consistently since August 2021, warranting a joint warning from the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA), bringing to the notice of organizations the threat posed by the ransomware group and the vulnerabilities it exploits.
CSW data researchers and security analysts cover the latest developments, the tools, techniques, and procedures used, as well as the vulnerabilities explored by Conti in 2021-22 in this blog.
Who is Conti?
Conti ransomware is a ransomware-as-a-service (RaaS) operation believed to be controlled by the Russia-based cybercrime group called Wizard Spider.
The ransomware shares some of its code with the infamous Ryuk Ransomware, which went off the news in July 2020.
Conti Attacks in 2021
Let us take a look at the different recent incidents in which the Conti group has been involved in 2021.
| Ransomware Attack Incident | Time Period | Sector | Conti Demands |
|---|---|---|---|
| Broward County Public School, Florida | March - April 2021 | Education | $40M |
| Exagrid | May 4, 2021 | IT | $2.6M |
| City of Tulsa | May 6 - Present | Government | - |
| Ireland Health Service Executive (HSE) | May 17 - Present | Healthcare | $20M |
| Ireland Department of Health | May 18 - Present | Healthcare | Attempt unsuccessful |
| New Zealand Health Department | May 21 - Present | Healthcare | - |
| Canada | June end | Internet services | - |
| Canada | June end | Engineering & Technology | - |
| Canada | June end | Insurance | - |
| Stanadyne PurePower Technologies | June 2 - Present | Engineering and Technology | - |
| SAC Wireless (Nokia subsidiary) | June - August | Manufacturing | 250GB data stolen |
| Microsoft Exchange Servers using ProxyShell | September 3 | Software | 1 TB data stolen |
| Covisian | September 18 | Communications Industry | - |
| JVC Kenwood | September - October | Manufacturing | 1.7 TB data stolen, $7 Million ransom |
| Graff | October | Jewelry | 69000 files leaked |
| CS Energy | November 27 | Energy | - |
| Australian Government | November - present | Government | - |
| Finite Recruitment | December | Government | 300 GB data stolen |
| Nordic Choice Hotels | December 2 | Hospitality | - |
| McMenamins Brewery | December 12 | Food and Beverages | - |
| Shutterfly | December | E-commerce | Few million dollars in ransom |
Conti-nuous Attacks Through January 2022
Conti’s prolific track record continues into 2022, with three attacks being reported–one on a marketing giant, the other on a nationalized bank, and the most recent, on an electronics manufacturing firm.
Full article:
All About Conti
The Conti Group has been one of the most prolific ransomware groups, second only to REvil. At the start of 2021, there were only three vulnerabilities associated with the gang. However, Conti has been on a roll ever since and now has seventeen vulnerability associations. Read on to find out more...
cybersecurityworks.com