Despite massive data leak: ransomware group Conti still active


Cybercriminals continue to rely on phishing and known vulnerabilities. They encrypt networks and threaten to publish data they copied beforehand.

The Conti ransomware gang is still actively running campaigns against victims around the world, although data leaks have revealed the inner workings of the group. Despite the disclosure of details such as the people involved, chat logs and internal processes, the Conti members are sticking to many known procedures, according to an analysis by the NCC Group.

The attackers use a number of initial access vectors to gain a foothold on networks, including phishing emails that deliver the Qakbot Trojan and the exploitation of vulnerable Microsoft Exchange servers. Other techniques include exploiting publicly known vulnerabilities, among them flaws in VPN services and the Log4j Java library. The attackers also send phishing emails from legitimate accounts they have compromised.

Besides encrypting networks and demanding payment for the decryption key, one of the main features of Conti ransomware attacks is the theft of sensitive data from victims and the threat to release it if the ransom is not paid. Perhaps unsurprisingly, Conti has not changed tactics after becoming the victim of an information leak itself, and the group continues to steal large amounts of data from victims to use as additional leverage in double-extortion attacks.

As the researchers describe, many Conti campaigns exploit unpatched vulnerabilities to gain access to networks. Organizations should therefore ensure that security patches for known vulnerabilities are installed as soon as possible to keep potential intruders out.
