The FBI, National Security Agency, and the Cybersecurity Infrastructure and Security Agency issued a joint advisory on Sept 22, 2021, warning US organizations to prepare for a rise in Conti ransomware attacks and urged them to apply mitigations suggested.
The joint advisory noted that the Conti ransomware has been used in over 400 attacks targeting the US and international organizations.
Conti is usually delivered using a ransomware-as-a-service model, but the alert noted that there’s a departure in some Conti attacks from the usual model as the Conti developers seem to be paying affiliates a wage instead of providing a cut on the ransom received.
The advisory provides also details on the various stages and tactics observed in Conti attacks. The analysis is based on the MITRE ATT&CK framework. Conti leverages various attack vectors to intrude into a network including stolen or weak Remote Desktop credentials, spear-phishing campaigns, fake software promoted via search engine optimization, and more.
ManageEngine has a webinar that explores in-depth how attackers take advantage of weak RDP credentials and spear-phishing campaigns to compromise Active Directory which is often a key target in such ransomware attacks as it enables stealthy lateral movement and privilege escalation. You can watch it here.
Additionally, the advisory listed three immediate actions organizations need to take to protect against Conti ransomware. They are:
• Use multi-factor authentication.
• Segment and segregate networks and functions.
• Update your operating system and software.