FBI: 16 Conti Ransomware Attacks Targeted Healthcare, First Responders in U.S.

The FBI says it has observed 16 Conti ransomware attacks that targeted healthcare and first responder networks in the United States over the past year.


First detailed in July 2020, Conti has grown to become a major threat, with more than 400 organizations worldwide (290 in the United States) hit by the ransomware to date. Conti’s operators appear to tailor the ransom amount to the victim and were recently observed asking for as much as $25 million, although victims do have the option to negotiate the amount.


Conti operators steal victim data in addition to encrypting files on servers and workstations, threatening to release the stolen data to the public unless the ransom is paid.


U.S. healthcare organizations and first responders that Conti has hit since its emergence include 9-1-1 dispatch centers, emergency medical services, law enforcement agencies, and municipalities, the FBI reveals in a newly published alert.


For initial access to the victim networks, Conti’s operators employ malicious attachments (weaponized Word documents with embedded scripts) and email links, as well as Remote Desktop Protocol (RDP) credentials.


A typical Conti attack starts with the malicious document dropping Cobalt Strike and Emotet, with the attackers dwelling in the victim’s network between four days and three weeks on average before installing the ransomware.


Once inside the network, the adversary leverages existing tools and deploys others when needed, including Windows Sysinternals and Mimikatz, for privilege escalation and lateral movement. The adversary also deploys the TrickBot malware when needed.


Victims are instructed to contact the ransomware operators for instructions on how to ..
