In the publication, which was released on Wednesday, CISA, the FBI and the NSA shared information about the cyber gang behind Conti and technical approaches to detecting and mitigating possible attacks.
Conti garnered attention earlier this year after breaching Ireland’s Health Service Executive and demanding a $20 million ransom. Reports also link Conti to 400 US and international attacks. The cyber group is believed to have ties to Wizard Spider, a sophisticated cyber-crime group based in Russia. Armed with a double-extortion approach of threatening to both encrypt and expose victims’ data, plus an aggressive business model, Conti has quickly evolved into a ransomware-as-a-service (RaaS) variant. Conti developers are likely paying deployers of the ransomware a wage rather than a percentage of the proceeds from a successful attack, causing a proliferation of Conti campaigns.
Both public and private sector organizations are advised to pay immediate attention to these threats. Conti actors often gain initial access to networks through spear-phishing campaigns, malicious Word attachments, stolen or weak Remote Desktop Protocol (RDP) credentials, phone calls, fake software promoted via search engine optimization, other malware distribution networks (e.g., ZLoader), and common vulnerabilities in external assets.