[MART] - Daily Diary #353 - Conti Ransomware is on a Rampage

CTAS-MAT ctas-mat at appgate.com
Wed Sep 22 21:06:56 UTC 2021


Hello,
I hope everyone is doing well!

Below is the entry for today.

09/22/2021 - Diary entry #353

Active since 2020, Conti Ransomware is yet another ransomware that operates in the double-extortion business model, publishing stolen data in their wall-of-shame if the ransom is not paid.

For the encryption process, it uses a variation of ChaCha and AES-256, instead of the common RSA + AES combination. Conti is developed by the Wizard Spider group, the same developers of Trickbot (covered in our Daily Diary #84), that also deploys another ransomware threat, Ryuk. In the beginning, it was believed that Conti was supposed to be an evolution of Ryuk, and would take its place, but even after a year, both malware pieces remain being used.

Today, September 22th, CISA, FBI, and NSA released a join advisory against Conti Ransomware. According to the advisory, Conti attacks are increasing, and companies should take the required measures to avoid being targeted. They also recommend keeping systems up-to-date, requiring multi-factor authentication and implementing network segmentation.

Our team got access to "ContiNews" website, their wall-of-shame. Only today three new targets were published, totaling 29 only in September. It's important to reinforce that data is published when a company decides not to pay the ransom, so the target list might be larger. This website is now monitored by our team ransom-tracker, so we are constantly alerted in case a new target shows up.

Kind Regards,

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/logo@2x.png]<https://www.appgate.com/>

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>



Felipe Duarte Domingues
Security Researcher
Appgate

E: felipe.duarte at appgate.com<mailto:felipe.duarte at appgate.com>
O: +55 19 98840 2509

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.immunityinc.com/pipermail/mart/attachments/20210922/336f67e6/attachment.htm>


More information about the MART mailing list