
Conti Ransomware Attacks on Rise – CISA, FBI, NSA Issue Joint Alert

CISA and the FBI issued an alert on the increased use of Conti ransomware in over 400 attacks on U.S. and international organizations.


The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations. The agencies issued a joint advisory listing the technical details of the attacks and recommendations for safeguarding organizations’ systems against Conti.

In Conti ransomware attacks, the actors gain access to a network through an unprotected RDP port, phishing emails, malicious attachments or downloads, or software vulnerabilities. They then steal files, encrypt servers and workstations, and demand a ransom.


Conti is considered a ransomware-as-a-service (RaaS) model; however, its structure differs from a typical affiliate model. According to the advisory, Conti’s developers pay the deploying attackers a wage rather than a percentage of the proceeds.

Among other techniques, the threat actors were observed using Router Scan, a penetration testing tool, to maliciously scan for and brute force routers, cameras, and network-attached storage devices with web interfaces.

Mitigations

CISA, the FBI, and the NSA issued the following recommendations, which network defenders should apply to reduce the risk of compromise by Conti ransomware.

  • Use multi-factor authentication – ensure multi-factor authentication for remote access from external sources.
  • Implement network segmentation and filter traffic – to restrict the spread of ransomware there must be strict segmentation between networks and functions.
  • Eliminate unregulated communication between networks. Network traffic must be filtered to prohibit ingress and egress communications with known malicious IP addresses.
  • Enable strong spam filters to prevent phishing emails from reaching end users. Implement a user training program and create awareness among users to refrain from visiting malicious websites or opening malicious attachments.
  • Have a URL blacklist and/or whitelist in place to prevent users from accessing malicious websites.
  • Scan for vulnerabilities and keep software updated. Use a centralized patch management system. Include regular scans of network assets and upgrade software and operating systems, applications, and firmware on network assets at defined intervals.
  • Remove unnecessary applications and apply controls. Applications deemed unnecessary for daily operations should be deleted.
  • Implement software restriction policies (SRPs) or other controls to prevent programs from executing from common ransomware locations.
  • Implement execution prevention by disabling macro scripts from Microsoft Office files transmitted via email.
  • Implement endpoint detection and response (EDR) tools. EDR tools give a high degree of visibility into the security status of endpoints and help protect effectively against malicious cyber actors.
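Two of the recommendations above, filtering traffic to and from known malicious IP addresses and protecting RDP from direct external exposure, can be checked against firewall logs. The script below is an added example, not code from the advisory or this article: it runs a simple detection pass over constructed key=value log lines (a hypothetical firewall export format) using a constructed blocklist and constructed internal address ranges, and flags connections that touch a blocklisted address or that reach TCP/3389 on an internal host from outside the organization’s own address space.

```python
"""Added example (not from the CISA/FBI/NSA advisory or this article):
flag firewall log records that contact known malicious IPs or that show
RDP (TCP/3389) reaching an internal host directly from an external source.
All addresses, ranges and log lines below are constructed for the demo."""
import ipaddress
from dataclasses import dataclass

# Constructed blocklist; in practice this comes from a threat-intel feed.
KNOWN_MALICIOUS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]

# Constructed internal address space (RFC 1918); adjust to your own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed log lines in a hypothetical key=value firewall export format.
SAMPLE_LOG = """\
ts=2021-09-22T10:01:00Z action=allow src=10.0.5.14 dst=203.0.113.45 proto=tcp dport=443
ts=2021-09-22T10:01:05Z action=allow src=192.0.2.77 dst=10.0.1.20 proto=tcp dport=3389
ts=2021-09-22T10:01:09Z action=allow src=10.0.5.14 dst=93.184.216.34 proto=tcp dport=443
ts=2021-09-22T10:01:12Z action=allow src=10.0.2.9 dst=10.0.1.20 proto=tcp dport=3389
ts=2021-09-22T10:01:15Z action=deny src=198.51.100.7 dst=10.0.1.30 proto=tcp dport=22
"""


@dataclass
class Finding:
    ts: str
    reason: str
    src: str
    dst: str


def parse_line(line):
    """Turn 'k=v k=v ...' into a dict; values never contain spaces here."""
    return dict(field.split("=", 1) for field in line.split())


def is_known_malicious(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in KNOWN_MALICIOUS)


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def analyze(log_text):
    """Return one Finding per matching condition, in log order."""
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        src, dst = rec["src"], rec["dst"]
        # Contact with a blocklisted address in either direction is reported
        # even when the firewall denied it: a denied attempt is still a signal.
        if is_known_malicious(src) or is_known_malicious(dst):
            findings.append(Finding(rec["ts"], "known-malicious-ip", src, dst))
        # Allowed RDP into an internal host from outside our own address space
        # indicates an RDP service exposed without a gateway in front of it.
        if (rec.get("action") == "allow" and rec.get("proto") == "tcp"
                and rec.get("dport") == "3389"
                and not is_internal(src) and is_internal(dst)):
            findings.append(Finding(rec["ts"], "exposed-rdp", src, dst))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.ts} {f.reason}: {f.src} -> {f.dst}")
```

On the constructed sample the pass yields three findings: the outbound connection to 203.0.113.45, the inbound RDP session from 192.0.2.77, and the denied attempt from 198.51.100.7. Internal-to-internal RDP (the fourth line) is not flagged, which matches the advisory's point: the concern is RDP reachable from external sources without multi-factor authentication, not RDP as such.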

According to the 2021 Cyber Threat Report from SonicWall, ransomware attacks have increased rapidly, with the first half of 2021 already surpassing the total for all of 2020. The report revealed that over 304.7 million ransomware attacks were reported globally in H1 2021, exceeding the 304.6 million attacks in 2020, a 151% increase. High-profile extortion attacks on Colonial Pipeline, JBS Foods, the health care and energy sectors, and the recent Kaseya attack have severely disrupted the operations of organizations across the globe.

Rewards for Justice Reporting

The U.S. Department of State’s Rewards for Justice (RFJ) program offers a reward of up to $10 million for reports of foreign government malicious activity against U.S. critical infrastructure. See the RFJ website for more information and how to report information securely.