The federal government has issued an advisory that more than 400 U.S. and international organizations have been attacked with Conti ransomware.

The FBI, Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) released the advisory. Malicious cyber actors use Conti ransomware to steal sensitive files from domestic and international organizations, encrypt the targeted organizations’ servers and workstations, and demand a ransom payment from the victims.

Conti is considered a ransomware-as-a-service (RaaS) variant; however, there is a variation in its structure that makes it different. It’s likely that Conti developers pay the ransomware deployers a wage rather than a percentage of the proceeds used by affiliate cyber actors. In addition, they get a share of the proceeds from a successful attack.

The joint advisory recommends mitigations for network defenders. Those include updating your operating system and software, requiring multifactor authentication (MFA) and implementing network segmentation.

Illusive’s Robert Golladay

Robert Golladay is Illusive‘s EMEA and APAC director. He said the escalation in Conti ransomware attacks isn’t surprising.

“We continue to see it distributed through TrickBot infections,” he said. “Threat actors are constantly stepping up their game and improving their tools to increase their success rate, and then sharing what works. They effectively operate a GitHub for attackers, sharing code once they’ve been successful with a technique. Once an attacker is in the network, which inevitably will happen, it won’t take them long to move laterally to target ‘crown jewels.'”

Scroll through our slideshow above for more on Conti ransomware and more cybersecurity news.