Evolving Tricks and Techniques of Conti
Conti is a relatively new addition to the ransomware landscape, but it has already proved quite destructive. It is a more accessible variant of Ryuk and operates under a RaaS (ransomware-as-a-service) model.
This ransomware has been active since May 2020, and its operators have already released three versions. It has become a menace mainly because of its rapid updates, fast encryption scheme, and self-spreading capabilities. Like other top ransomware families, Conti has wasted no time in adopting the double extortion tactic.
Why worry about Conti?
Apart from the very damaging double extortion tactic, Conti can compromise an entire network by spreading over SMB and encrypting files on multiple hosts. Moreover, its spread is hard to contain because it uses a multithreading technique for faster propagation.
- Conti launched attacks on the Leon Medical Centers (Miami) and Nocona General Hospital (Texas) and published thousands of medical records on a dark web blog.
- Medical records of UPS and Norfolk Southern Railroad employees were exposed on a leak site belonging to the ransomware gang. The operators claimed to have gained access to the data during a cyberattack on Taylor Made Diagnostics.
- The threat actor has published 4,150 files belonging to the Scottish Environment Protection Agency (SEPA) on the dark web. The files, containing corporate plans, spreadsheets, contracts, and personal information of staff, are free to download.
The bottom line
Originating from Wizard Spider, Conti appears to be the more successful sibling of Ryuk. The constant barrage of attacks by this ransomware underlines that it is imperative to follow security best practices and focus on strengthening the overall cybersecurity posture.