[MART] - Daily Diary #395 - Conti Ransomware Breached

CTAS-MAT ctas-mat at appgate.com
Mon Nov 22 22:12:20 UTC 2021


Hello,
I hope everyone is doing well!

Below is the entry for today.

11/22/2021 - Diary entry #395

Covered in many of our Daily Diaries, Conti is one of the most dangerous ransomware families active today. Operating under the double-extortion model, Conti publishes data stolen from its victims on Conti News, its wall of shame. This week, security researchers exploited a flaw in a Conti website and exposed part of the gang's infrastructure.

Conti's website, like almost all ransomware wall-of-shame sites, is hidden behind the Tor network, which masks the real IP address of the server. By exploiting the flaw, the researchers recovered the real IP address of the server, the addresses of 20 other hosts that communicated with Conti's servers, and the Bitcoin wallet addresses used to receive ransom payments. Knowing the real IP addresses lets authorities determine where those services are hosted and increases the chances of identifying the actors behind them. In this case, the servers turned out to be hosted by a Ukrainian web hosting company.

After the attack, Conti shut down its payment portal, but the wall-of-shame page remains online. It is not clear whether the discovered information will actually help law enforcement arrest the Conti gang, but we strongly discourage independent researchers from copying this strategy. Even if you succeed in breaching such systems, disrupting them can compromise ongoing investigations and make it impossible for affected companies to get their files back.

Kind Regards,




Felipe Duarte Domingues
Security Researcher
Appgate

E: felipe.duarte at appgate.com<mailto:felipe.duarte at appgate.com>
O: +55 19 98840 2509


