[MART] - Daily Diary #506 - Conti Ransomware Targets Governmental Entities

CTAS-MAT ctas-mat at appgate.com
Mon May 9 22:00:05 UTC 2022


Hello,

I hope everyone is doing well!

Below is the entry for today.

05/09/2022 - Diary entry #506:

Covered in many of our Daily Diaries, Conti is one of the most dangerous ransomware families active today. Conti operates using the double-extortion model, publishing data stolen from victims that refuse to pay the ransom on its deep-web page "Conti News". Their blog also contains announcements of their full support for the Russian government during the ongoing conflict between Russia and Ukraine (covered in our Daily Diary #461). These political announcements led to a series of leaks of their chat logs and source code by an allegedly Ukrainian Twitter account named ContiLeaks (covered in Daily Diary #474).

Those leaks didn't affect Conti's operations at all. The Conti Syndicate has a large and complex structure made up of many individuals whose roles overlap with other malware operations, which makes it very hard to disrupt their activities. Amid all of that, Conti has claimed more victims, including the recent attacks against governmental entities in Costa Rica and Peru.

In the attacks against Costa Rica, Conti breached the Costa Rican Finance Ministry (Ministerio de Hacienda), the Ministry of Labor and Social Security (MTSS), the Social Development and Family Allowances Fund (FODESAF), and the Interuniversity Headquarters of Alajuela (SIUA). As of yesterday, May 8th, Conti has published 97% (672.19 GB) of the stolen data after the Costa Rican government refused to pay the ransom. Because of that, the Costa Rican President, Rodrigo Chaves, has declared a national emergency following Conti's cyberattacks.

Regarding the attack targeting Peru, Conti breached and stole 9.41 GB from the "Dirección General de Inteligencia" (DIGIMIN), the Peruvian agency responsible for national, military, and police intelligence/counterintelligence. Both attacks were published and claimed by the same Conti affiliate (unc1756), who declared that their purpose is purely financial. However, they threatened to carry out larger attacks with a larger team.

If unc1756's threats come true, governmental entities should immediately strengthen their security and adopt all means necessary to avoid becoming a victim of the Conti ransomware group.

Kind Regards,




Felipe Tarijon de Almeida
Malware Analyst
Appgate

E: felipe.tarijon at appgate.com

