It has been reported that CISA sent out an advisory yesterday, centered around the Conti ransomware, providing detailed information for the cybersecurity community about the ransomware group and its affiliates. Both CISA and the FBI said they have seen more than 400 attacks involving Conti’s ransomware targeting US organisations as well as international enterprises. The FBI has previously implicated Conti in attacks on at least 290 organisations in the US. CISA offered a technical breakdown on how the ransomware group’s operators typically function and what steps organisations can take to mitigate potential attacks. CISA noted that while Conti operates a ransomware-as-a-service model, they do so a bit differently than others. Instead of paying affiliates a cut of the earnings that come from ransoms, the group pays the deployers of the ransomware a wage, according to CISA.
<p>The Cybersecurity Infrastructure Security Agency\’s (CISA) advisory on the Conti ransomware gang is a reminder that they have carried out hundreds of destructive attacks on companies around the world since March 2020. Cybereason tracks Conti and, this year alone, the gang has attacked dozens of attacks against hospitals in the U.S. and Europe including a crippling attack on Ireland\’s Health Services in May. Critical infrastructure networks have also been in their crosshairs.</p>
<p>To stop the Conti scourge, Cybereason <a href=\"https://u7061146.ct.sendgrid.net/ls/click?upn=4tNED-2FM8iDZJQyQ53jATUTb4Q8G2-2F0MYkMDaVoHyFiF1KANtTfKRuOEV9Acylue8MIaNAua5Ol5myy0DrUyTFuYdbCcHApAjE6k7Ui0RGOY-3DxiMe_S3RA1gMvL7v1TdZrqvF2X48vY2LyH9KYdxKxBaPFp6Fl1TEEsXDQbgk-2FWPw9Ah5nwh5z3HPLIw79cePUeHvYGbACtpGEOUo9gKA7RdPV7CHYnRZ1BgjoepqPsAq5T4X7K-2Bw26wspumVv2xNKnDUQkdj7Jf5oxyCimxG4R7lYqlG5mSZHPmV57E2o-2BXi7prLaBMdfiCvtfGFc3zw7UV1FII0DNc3jjqqP4iUWf12rnLDA9M-2BQwqEX8C0QbshuCBtXpCf92RV1O25jYj1hdFdDYwcAV2R6MnIEeyGTj4DfEoaBxsKSOmUVePXZQJMa8pjDFE8G87-2BjYcQb4kCgdtsPfQ-2Bio-2Be0fIP-2F7jO4wtNkH0QYLADbEwfrlBc-2B2X1ZVvJF\" target=\"_blank\" rel=\"noopener\" data-saferedirecturl=\"https://www.google.com/url?q=https://u7061146.ct.sendgrid.net/ls/click?upn4tNED-2FM8iDZJQyQ53jATUTb4Q8G2-2F0MYkMDaVoHyFiF1KANtTfKRuOEV9Acylue8MIaNAua5Ol5myy0DrUyTFuYdbCcHApAjE6k7Ui0RGOY-3DxiMe_S3RA1gMvL7v1TdZrqvF2X48vY2LyH9KYdxKxBaPFp6Fl1TEEsXDQbgk-2FWPw9Ah5nwh5z3HPLIw79cePUeHvYGbACtpGEOUo9gKA7RdPV7CHYnRZ1BgjoepqPsAq5T4X7K-2Bw26wspumVv2xNKnDUQkdj7Jf5oxyCimxG4R7lYqlG5mSZHPmV57E2o-2BXi7prLaBMdfiCvtfGFc3zw7UV1FII0DNc3jjqqP4iUWf12rnLDA9M-2BQwqEX8C0QbshuCBtXpCf92RV1O25jYj1hdFdDYwcAV2R6MnIEeyGTj4DfEoaBxsKSOmUVePXZQJMa8pjDFE8G87-2BjYcQb4kCgdtsPfQ-2Bio-2Be0fIP-2F7jO4wtNkH0QYLADbEwfrlBc-2B2X1ZVvJF&source=gmail&ust=1632485219554000&usg=AFQjCNEIZRnb7XcyuJ8l6G2faXlMcmUkqw\">recommends</a> companies deploy endpoint detection & response software on their endpoints. In addition, keep systems patched, regularly remind employees not to open attachments from unknown sources, don\’t visit dubious websites, backup files to remote servers and protect networks using organizational firewalls, proxies, web filtering and mail filtering. Cybereason recommends not paying ransoms as it doesn\’t pay-to-pay unless it is a matter of life and death or national emergency. In fact, Cybereason\’s <a href=\"https://u7061146.ct.sendgrid.net/ls/click?upn=4tNED-2FM8iDZJQyQ53jATUTb4Q8G2-2F0MYkMDaVoHyFiGq7-2Frc4GfaP4q1qvAriLMGHM4fG-2FmrUtIqwCasTQzM0duITRNIRRrkwQUK142foPgA6foKoIR-2Fdp7ebt2hFdYz4nIpAXZi7bGuTAVe0THb-2FA-3D-3DAfds_S3RA1gMvL7v1TdZrqvF2X48vY2LyH9KYdxKxBaPFp6Fl1TEEsXDQbgk-2FWPw9Ah5nwh5z3HPLIw79cePUeHvYGbACtpGEOUo9gKA7RdPV7CHYnRZ1BgjoepqPsAq5T4X7K-2Bw26wspumVv2xNKnDUQkdj7Jf5oxyCimxG4R7lYqlG5mSZHPmV57E2o-2BXi7prLaBMdfiCvtfGFc3zw7UV1FII0DNc3jjqqP4iUWf12rnLBn2XxjutO9lZMpNkheeVC6NJZG3zI-2B7MpirvaFVMSG5X63Kfd77YFwnOUnJczFb6QWJRKWS1GI-2BlVnhiIhgkyzNhsn8CFAOmfD8DQkOKLPZybnKMSZhBUkT0-2Fg7YKKGZn-2BER1k6P4hQJrfa7LYPx-2Bu\" target=\"_blank\" rel=\"noopener\" data-saferedirecturl=\"https://www.google.com/url?q=https://u7061146.ct.sendgrid.net/ls/click?upn4tNED-2FM8iDZJQyQ53jATUTb4Q8G2-2F0MYkMDaVoHyFiGq7-2Frc4GfaP4q1qvAriLMGHM4fG-2FmrUtIqwCasTQzM0duITRNIRRrkwQUK142foPgA6foKoIR-2Fdp7ebt2hFdYz4nIpAXZi7bGuTAVe0THb-2FA-3D-3DAfds_S3RA1gMvL7v1TdZrqvF2X48vY2LyH9KYdxKxBaPFp6Fl1TEEsXDQbgk-2FWPw9Ah5nwh5z3HPLIw79cePUeHvYGbACtpGEOUo9gKA7RdPV7CHYnRZ1BgjoepqPsAq5T4X7K-2Bw26wspumVv2xNKnDUQkdj7Jf5oxyCimxG4R7lYqlG5mSZHPmV57E2o-2BXi7prLaBMdfiCvtfGFc3zw7UV1FII0DNc3jjqqP4iUWf12rnLBn2XxjutO9lZMpNkheeVC6NJZG3zI-2B7MpirvaFVMSG5X63Kfd77YFwnOUnJczFb6QWJRKWS1GI-2BlVnhiIhgkyzNhsn8CFAOmfD8DQkOKLPZybnKMSZhBUkT0-2Fg7YKKGZn-2BER1k6P4hQJrfa7LYPx-2Bu&source=gmail&ust=1632485219554000&usg=AFQjCNEp1RgYS6j_0viUA5e-VNtBv-66CQ\">ransomware study</a> of more than 1,200 global organisations shows that 80 percent of companies that paid a ransom were hit a second time, often by the same attackers. And in instances where the attackers handed over decryption keys to the victims after a ransom was paid, nearly 50 percent of the time the company\’s data was corrupted, slowing down the recovery phase even further. </p>
<p>If we have learned anything from the deluge of ransomware attacks in 2021, the public and private sector need to invest now to ratchet up prevention and detection and improve resilience. We can meet fire with fire. Sure, the threat actors might get in, but so what. We can make that mean nothing. We can slow them down. We can limit what they see. We can ensure fast detection and ejection. We can—in short—make material breaches a thing of the past. So, what if they get a toe hold on the ramparts. We can keep them out of the castle by planning and being smart ahead of time and setting up the right defences.</p>