Conti Ransomware breaches over 40 organizations
The Conti cybercrime group has become extremely structured and runs one of the most aggressive ransomware operations, breaching more than 40 firms in a single month.
Researchers learned about the group's month-long hacking campaign and named it ARMattack, after a domain name that revealed the gang's infrastructure. During the operation, Conti affiliates compromised more than 40 firms in diverse industries across a broad range of geographies, with an emphasis on American-based businesses.
Although the Conti leak site revealed information on up to 46 victims in a single month, the breach dates are still unknown. Data from Group-IB shows that Conti's shortest successful attack took three days from initial access to encrypting the organization's computers.
Group-IB has been examining Conti’s working hours using information collected from public sources, such as the gang’s leaked internal communications. The researchers claim that Conti members maintain an average daily activity level of 14 hours, except for the New Year’s break.
The researchers also point out that the organization operates like a real company, with people assigned to hiring, research and development, OSINT tasks, and customer support. Monitoring Windows updates, examining the changes introduced by new patches, finding zero-day vulnerabilities that may be used in attacks, and exploiting recently published security weaknesses are all part of Conti's efforts to stay ahead of defenders.