Federal Advisory Warns of Increasing Conti Ransomware Attacks

Also, a second grain coop is hit with ransomware, and the Port of Houston fends off a cyberattack.

Edward Gately, Senior News Editor

September 24, 2021

6 Slides

The federal government has issued an advisory that more than 400 U.S. and international organizations have been attacked with Conti ransomware.

The FBI, Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) released the advisory. Malicious cyber actors use Conti ransomware to steal sensitive files from domestic and international organizations, encrypt the targeted organizations’ servers and workstations, and demand a ransom payment from the victims.

Conti is considered a ransomware-as-a-service (RaaS) variant; however, there is a variation in its structure that makes it different. It’s likely that Conti developers pay the ransomware deployers a wage rather than a percentage of the proceeds used by affiliate cyber actors. In addition, they get a share of the proceeds from a successful attack.

The joint advisory recommends mitigations for network defenders. Those include updating your operating system and software, requiring multifactor authentication (MFA) and implementing network segmentation.


Illusive’s Robert Golladay

Robert Golladay is Illusive‘s EMEA and APAC director. He said the escalation in Conti ransomware attacks isn’t surprising.

“We continue to see it distributed through TrickBot infections,” he said. “Threat actors are constantly stepping up their game and improving their tools to increase their success rate, and then sharing what works. They effectively operate a GitHub for attackers, sharing code once they’ve been successful with a technique. Once an attacker is in the network, which inevitably will happen, it won’t take them long to move laterally to target ‘crown jewels.'”

Scroll through our slideshow above for more on Conti ransomware and more cybersecurity news.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

Read more about:

MSPsChannel Research

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like