Conti ransomware is back!! U.S. Federal Bureau of Investigation (FBI) issues flash alert.

The FBI has issued a flash alert about continued targeted attacks by Conti ransomware on 16 U.S. healthcare and first responder networks, including law enforcement agencies, emergency medical services and municipalities, within the past year.

Around 400 organizations worldwide have been victimized by Conti, of which 290 are in the U.S.

Conti ransomware is commonly known for targeting enterprise networks: it deploys and executes ransomware payloads that encrypt files and rename them with the “.FEEDC” extension, before moving laterally using payloads and beacons from Cobalt Strike.
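As an added illustration (not code from this post or from the FBI alert), a small Python triage helper that scopes an incident by the renaming behaviour described above: it finds files carrying the “.FEEDC” extension, recovers their original names, and flags directories where most files are already encrypted. The sample directory tree is constructed in a temporary directory, and the file names and the 50% threshold are assumptions.

```python
import os
import tempfile
from collections import defaultdict
from pathlib import Path

# Extension the post says Conti appends to encrypted files.
CONTI_EXT = ".FEEDC"


def scan_for_conti(root):
    """Walk root; return ([(encrypted_path, original_name)], {dir: (hit, total)})."""
    encrypted, stats = [], defaultdict(lambda: [0, 0])
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            stats[dirpath][1] += 1
            if name.upper().endswith(CONTI_EXT):
                # Strip the appended extension to recover the original file name.
                encrypted.append((os.path.join(dirpath, name), name[:-len(CONTI_EXT)]))
                stats[dirpath][0] += 1
    return encrypted, {d: tuple(v) for d, v in stats.items()}


def heavily_hit_dirs(stats, threshold=0.5):
    """Directories where at least `threshold` of the files carry the extension."""
    return sorted(d for d, (hit, total) in stats.items() if total and hit / total >= threshold)


def build_sample_tree():
    """Constructed sample share (assumed names) mimicking a partially encrypted host."""
    root = tempfile.mkdtemp(prefix="conti_demo_")
    for rel in ("finance/q1.xlsx.FEEDC", "finance/q2.xlsx.FEEDC", "finance/notes.txt",
                "hr/handbook.docx", "hr/policy.pdf", "hr/roster.csv.FEEDC"):
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"")  # contents are irrelevant; only the name matters here
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    found, stats = scan_for_conti(root)
    for path, original in found:
        print(f"encrypted: {path} (original name: {original})")
    print("directories mostly encrypted:", heavily_hit_dirs(stats))
```

On a real host, point `scan_for_conti` at the affected share or volume; the per-directory counts give a quick picture of how far encryption progressed before it was stopped.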

The FBI has released technical details stating: “Conti actors gain unauthorized access to victim networks through weaponized malicious email links, attachments, or stolen Remote Desktop Protocol (RDP) credentials. Conti weaponizes Word documents with embedded PowerShell scripts, initially staging Cobalt Strike via the Word documents and then dropping Emotet onto the network, giving the actor access to deploy ransomware. Actors are observed inside the victim network between four days and three weeks on average before deploying Conti ransomware, primarily using dynamic-link libraries (DLLs) for delivery.”

“The actors first use tools already available on the network, and then add tools as needed, such as Windows Sysinternals and Mimikatz to escalate privileges and move laterally through the network before exfiltrating and encrypting data. In some cases where additional resources are needed, the actors also use Trickbot. Once Conti actors deploy the ransomware, they may stay in the network and beacon out using Anchor DNS.”

Conti ransomware IOCs have been released by the National Cyber Security Centre so that the necessary action can be taken on security controls.

For more cyber security news in crisp content, please follow our site and subscribe.
