CISA, FBI, NSA Warn of Increase in Conti Ransomware AttacksCISA, FBI, NSA Warn of Increase in Conti Ransomware Attacks
A new alert provides the technical details of ongoing attacks and guidance for organizations to secure systems against Conti.
September 22, 2021
The FBI, National Security Agency, and Cybersecurity and Infrastructure Security Agency today issued a joint alert warning of increased use of Conti ransomware, which has been seen in more than 400 attacks on US and international organizations, officials report.
Conti is considered a ransomware-as-a-service model; however, variation in its structure differentiates it from a typical affiliate model, the alert states. It's likely that Conti's developers pay the attackers who deploy the ransomware a wage rather than a percentage of the proceeds, officials say.
They list multiple means that Conti actors often use to gain initial network access. These include spear-phishing campaigns that use emails containing malicious attachments or links; stolen or weak Remote Desktop Protocol credentials; phone calls; fake software promoted via search engine optimization; common flaws in external assets; or other malware distribution networks.
"CISA and FBI have observed Conti actors using Router Scan, a penetration testing tool, to maliciously scan for and brute force routers, cameras, and network-attached storage devices with web interfaces," the alert states. Attackers will exploit legitimate remote monitoring and management software, as well as remote desktop software, to persist on target networks.
A recently leaked "playbook" from Conti attackers revealed that they exploit vulnerabilities in unpatched assets to escalate privileges and move laterally across a victim's environment.
Read the full alert for more details.
About the Author(s)
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023