Cybercrime All About Conti

Andy Ful

All About Conti

After REvil dissolved following the Kaseya VSA supply-chain attack in July 2021, the next most prolific ransomware group in 2022 is Conti.


Conti has been in the news consistently since August 2021, warranting a joint warning from the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA), bringing to the notice of organizations the threat posed by the ransomware group and the vulnerabilities it exploits.

CSW data researchers and security analysts cover the latest developments, the tools, techniques, and procedures used, as well as the vulnerabilities explored by Conti in 2021-22 in this blog.

Who is Conti?

Conti ransomware is a ransomware-as-a-service (RaaS) operation believed to be controlled by the Russia-based cybercrime group called Wizard Spider.
The ransomware shares some of its code with the infamous Ryuk Ransomware, which went off the news in July 2020.

Conti Attacks in 2021

Let us take a look at the different recent incidents in which the Conti group has been involved in 2021.

| Ransomware Attack Incident | Time Period | Sector | Conti Demands |
|---|---|---|---|
| Broward County Public School, Florida | March - April 2021 | Education | $40M |
| Exagrid | May 4, 2021 | IT | $2.6M |
| City of Tulsa | May 6 - Present | Government | - |
| Ireland Health Service Executive (HSE) | May 17 - Present | Healthcare | $20M |
| Ireland Department of Health | May 18 - Present | Healthcare | Attempt unsuccessful |
| New Zealand Health Department | May 21 - Present | Healthcare | - |
| Canada | June end | Internet services | - |
| Canada | June end | Engineering & Technology | - |
| Canada | June end | Insurance | - |
| Stanadyne PurePower Technologies | June 2 - Present | Engineering and Technology | - |
| SAC Wireless (Nokia subsidiary) | June - August | Manufacturing | 250 GB data stolen |
| Microsoft Exchange Servers using ProxyShell | September 3 | Software | 1 TB data stolen |
| Covisian | September 18 | Communications Industry | - |
| JVC Kenwood | September - October | Manufacturing | 1.7 TB data stolen, $7 Million ransom |
| Graff | October | Jewelry | 69,000 files leaked |
| CS Energy | November 27 | Energy | - |
| Australian Government | November - present | Government | - |
| Finite Recruitment | December | Government | 300 GB data stolen |
| Nordic Choice Hotels | December 2 | Hospitality | - |
| McMenamins Brewery | December 12 | Food and Beverages | - |
| Shutterfly | December | E-commerce | Few million dollars in ransom |

Conti-nuous Attacks Through January 2022
Conti’s prolific track record continues into 2022, with three attacks being reported: one on a marketing giant, the other on a nationalized bank, and the most recent on an electronics manufacturing firm.


cruelsister

The Conti Group just blogged this:
“WARNING”

As a response to Western warmongering and American threats to use cyber warfare against the citizens of Russian Federation, the Conti Team is officially announcing that we will use our full capacity to deliver retaliatory measures in case the Western warmongers attempt to target critical infrastructure in Russia or any Russian-speaking region of the world. We do not ally with any government and we condemn the ongoing war. However, since the West is known to wage its wars primarily by targeting civilians, we will use our resources in order to strike back if the well being and safety of peaceful citizens will be at stake due to American cyber aggression.

The_King

A Ukrainian security researcher has leaked over 60,000 internal messages belonging to the Conti ransomware operation after the gang sided with Russia over the invasion of Ukraine.

BleepingComputer has independently confirmed the validity of these messages from internal conversations previously shared with BleepingComputer regarding Conti's attack on Shutterfly.

cruelsister

This has potential to be first rate drama.
Even better is the war between Russian and Ukrainian Troll farms. Note that here as well as in the hacker groups Russian and Ukrainian nationals have always intermingled; but now the latter have rightly turned into ultra Ukrainian nationalists thus becoming the Enemy within. So I wonder how blunted the Russian cyber-war will be.

Gandalf_The_Grey

Conti Ransomware source code leaked by Ukrainian researcher
A Ukrainian researcher continues to deal devastating blows to the Conti ransomware operation, leaking further internal conversations, as well as the source for their ransomware, administrative panels, and more.

It has been quite a damaging week for Conti after they sided with Russia on the invasion of Ukraine and upset Ukrainian adverts (affiliates) and a researcher who has been secretly snooping on their operation.

Shadowra

Conti Ransomware: I got 2 droppers and they are well detected by the antivirus.

VT: 41/72

VT: 46/71

Edit: Windows Defender (VM)
