Conti ransomware is an emerging threat targeting corporate networks that introduces new features that allow it to carry out faster and more targeted attacks. There are also indications that this ransomware shares the same code as Ryuk, which has been slowly fading away, while Conti’s distribution is increasing.

This ransomware was first seen in isolated attacks in late December 2019. Attacks slowly increased over time, until late June, when the number of victims rose sharply. Like other ransomware infections in this category, Conti operators access corporate networks and spread laterally until obtaining domain administrator credentials but… In reality, this threat began to gain recognition in 2020 because of its rapid development. The Conti News site has published stolen data from at least 180 victims so far.

Once inside a network, the attackers try to gain administrative privileges; when they succeed, they deploy the ransomware to encrypt the devices. It is not known whether Conti’s operators also steal files from their victims’ networks before encrypting them. The ransom demand for this ransomware is less than $100,000, a relatively low amount compared to other similar ransomware infections.

Something that should be noted about Conti is that it uses multiple threads to encrypt different files simultaneously. While multithreaded ransomware is not new, the use of 32 processes is something of a novelty, allowing the ransomware to encrypt a machine at very high speed.

What we can do to protect ourselves against Conti

Always have a plan against these threats; you never know when it will happen to you.

Close Internet-facing Remote Desktop Protocol to deny cybercriminals access to networks. If you need access to RDP, put it behind a VPN connection and enforce the use of multi-factor authentication.
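The RDP hardening above, as an added example that is not part of the original post: it reports the built-in Windows "Remote Desktop" firewall rules that still accept connections from any address, narrows them to the VPN client subnet, and turns on Network Level Authentication. It assumes the VPN hands out addresses from 10.8.0.0/24 (a placeholder; use your own range) and is run in an elevated PowerShell on the RDP host; multi-factor authentication is enforced on the VPN itself and is outside this script.

```powershell
# Added example (not from the original post): restrict RDP to the VPN subnet and require NLA.
# ASSUMPTION: the VPN client subnet is 10.8.0.0/24; change this to your own range.
$VpnSubnet = '10.8.0.0/24'

function Get-ExposedRdpRules {
    # Enabled inbound "Remote Desktop" rules whose remote address scope is still "Any",
    # i.e. RDP is reachable from the Internet if the host has a public-facing interface.
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -Direction Inbound |
        Where-Object {
            ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any'
        }
}

function Limit-RdpToVpn {
    param([Parameter(Mandatory)][string]$Subnet)
    # Weak state: remote address "Any". Hardened state: only the VPN subnet may reach 3389.
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
        Set-NetFirewallRule -RemoteAddress $Subnet -Enabled True
}

function Enable-RdpNla {
    # Require Network Level Authentication so credentials are checked before a session starts.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    Set-ItemProperty -Path $key -Name 'UserAuthentication' -Value 1 -Type DWord
}

$before = @(Get-ExposedRdpRules)
Write-Host "Inbound RDP rules open to any remote address before hardening: $($before.Count)"

Limit-RdpToVpn -Subnet $VpnSubnet
Enable-RdpNla

$after = @(Get-ExposedRdpRules)
Write-Host "Inbound RDP rules open to any remote address after hardening: $($after.Count)"
```

Run `Get-ExposedRdpRules` alone on a schedule to detect rules that have drifted back to "Any"; a non-zero count is the condition the post warns about.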

Monitor your network security 24 hours a day, and be aware of the five early indicators of an attacker’s presence so that ransomware attacks can be stopped before they are launched.

Keep regular backups of your most important and current data to an offline storage device.

Prevent attackers from accessing and disabling your security – choose an advanced solution with a cloud-hosted management console with multi-factor authentication enabled and role-based management to limit access rights.


