Also, a second grain coop is hit with ransomware, and the Port of Houston fends off a cyberattack.
September 24, 2021
The federal government has issued an advisory that more than 400 U.S. and international organizations have been attacked with Conti ransomware.
The FBI, Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) released the advisory. Malicious cyber actors use Conti ransomware to steal sensitive files from domestic and international organizations, encrypt the targeted organizations’ servers and workstations, and demand a ransom payment from the victims.
Conti is considered a ransomware-as-a-service (RaaS) variant, but its structure differs from the usual RaaS model. It’s likely that Conti developers pay the ransomware deployers a wage rather than a percentage of the proceeds, which is the model used by affiliate cyber actors. In addition, they get a share of the proceeds from a successful attack.
The joint advisory recommends mitigations for network defenders. Those include updating your operating system and software, requiring multifactor authentication (MFA) and implementing network segmentation.
Robert Golladay is Illusive’s EMEA and APAC director. He said the escalation in Conti ransomware attacks isn’t surprising.
“We continue to see it distributed through TrickBot infections,” he said. “Threat actors are constantly stepping up their game and improving their tools to increase their success rate, and then sharing what works. They effectively operate a GitHub for attackers, sharing code once they’ve been successful with a technique. Once an attacker is in the network, which inevitably will happen, it won’t take them long to move laterally to target ‘crown jewels.’”
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.