NSA Issues Advisory on Conti Ransomware

By   ISBuzz Team
Writer , Information Security Buzz | Sep 27, 2021 01:04 am PST

CISA, the FBI, and the NSA have issued a warning to US organisations around increased attacks from the Conti Ransomware. The agencies have also released new actions and advice to help organisations protect against the threat.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Natalie Page
Natalie Page , Cyber Threat Intelligence Analyst
September 27, 2021 9:10 am

<p>Increased activity from a big player such as Conti, a strain that displays crossovers with the notorious RYUK ransomware, undoubtedly raises alarm bells across the threat landscape. This is a strain known to actively target organisations within the United States, a country which in 2021 fell victim to some of the largest and most destructive ransomware attacks the community has witnessed thus far.</p>
<p>With the disappearance of REvil earlier this year, many affiliates shifted strains, with Conti being one of the popular variants adopted by these criminals, explaining this rapid increase in attack attempts, with the FBI confirming that they have witnessed at least 400 individual attacks against domestic and foreign institutions.</p>
<p>This year Conti successfully disseminated a huge attack against Ireland’s Health Service Executive (HSE) and Department of Health (DoH), one which demanded $20 million, and Irelands Health Service is still recovering from this. The FBI has confirmed that healthcare continues to be one of the most targeted sectors amongst Conti’s attack efforts.</p>
<p>Here we have yet another sophisticated and successful ransomware-as-a-service (RaaS) strain operating out of Russia. Conti is a strain known to exploit legitimate remote monitoring and management software and remote desktop software as backdoors, to maintain persistence on victim networks. Legitimate tools such as Sysinternals and Mimikatz are then utilised on the victim’s network to obtain credentials and escalate privileges, before moving laterally across the network and deploying the Conti malware.</p>
<p> </p>
<p>Adopting multi-factor authentication (MFA), consistently scanning, and patching vulnerabilities, securing your users accounts, implementing network segmentation and limiting access, especially regarding RDP are all critical recommendations for organisations in their fight against Conti.</p>

Last edited 2 years ago by Natalie Page

Recent Posts

Would love your thoughts, please comment.x