The term ransomware has existed in the cyber world for some time and became far better known after the WannaCry attack, which had a tremendous impact globally across many sectors. Well-known ransomware families include Reveton, CryptoLocker and CryptoWall, among others. Both the ransom demands and the encryption have improved and evolved with every new ransomware attack, and the Conti ransomware is the latest addition to the list. Following the pattern of IaaS, PaaS and BaaS, Ransomware as a Service (RaaS) has been gaining popularity and is slowly moving from dark web marketplaces into the openly accessible world. Conti has been found to cause damage comparable to other types of ransomware, and this article covers the impact it has had so far.
Ransomware attacks have grown worse over the years, with recent targets as varied as state and local governments, hospitals, police departments and critical infrastructure. Conti is one of numerous ransomware strains that have followed that pattern: it began operating in July 2020 as a private Ransomware-as-a-Service (RaaS) and joined the double-extortion bandwagon by launching a data leak site. The Federal Bureau of Investigation (FBI) has linked the Conti ransomware group to at least 16 attacks aimed at disrupting healthcare and first responder networks in the United States. The identified targets include 911 dispatch carriers, law enforcement agencies and emergency medical services, all of which were attacked over the past year while medical services struggled to manage the COVID-19 pandemic.
Ransomware as a Service (RaaS) is a business model used by ransomware developers, in which they lease ransomware variants much as legitimate software developers lease SaaS services. RaaS gives everybody, even people who are less technically savvy, the ability to launch ransomware attacks simply by signing up for a service, without needing a great deal of specialised knowledge. RaaS kits allow malicious actors lacking technical expertise or time to create their own ransomware variants and become fully operational quickly and cheaply. They are not difficult to find on the dark web, where they are advertised in the same way that merchandise is advertised on legitimate websites.
According to the FBI, Conti infections have also breached the networks of Ireland’s Health Service Executive (HSE) and Department of Health (DoH), prompting the National Cyber Security Centre (NCSC) to issue an alert of its own on May 16, stating that “there are serious impacts to health operations and some non-emergency procedures are being postponed as hospitals implement their business continuity plans.” Conti operators are known for infiltrating enterprise networks and moving laterally using Cobalt Strike beacons before using compromised user credentials to deploy and execute the ransomware payloads; the encrypted files are renamed with a “.FEEDC” extension.
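The “.FEEDC” rename is the kind of host-level indicator a defender can alert on long before a ransom note appears: a single account renaming many files to that extension within a short window is not normal user behaviour. The following is an added example, not code from the original article or from any vendor, that runs a sliding-window burst detector over a small, constructed file-activity log. The log format (`<timestamp> <host> <user> RENAME <old> -> <new>`), the host and user names, and the window and threshold values are all assumptions made for this illustration.

```python
"""Added example (not from the original article): flag Conti-style
mass renames to the ".FEEDC" extension in a file-activity log.

Assumed log format (constructed for this example; paths contain no spaces):
    <ISO-8601 timestamp> <host> <user> RENAME <old_path> -> <new_path>
"""
from collections import defaultdict
from datetime import datetime, timedelta

CONTI_EXTENSION = ".FEEDC"  # extension the article reports for Conti-encrypted files

# Constructed sample log: ordinary activity, one burst of renames by a single
# account on one host (the pattern to catch), and one isolated rename that
# should stay below the alert threshold.
SAMPLE_LOG = """\
2021-05-14T09:02:11Z fs01 alice RENAME /share/q1.xlsx -> /share/q1-final.xlsx
2021-05-14T09:15:40Z fs01 svc_backup RENAME /share/a.docx -> /share/a.docx.FEEDC
2021-05-14T09:15:41Z fs01 svc_backup RENAME /share/b.docx -> /share/b.docx.FEEDC
2021-05-14T09:15:41Z fs01 svc_backup RENAME /share/c.pdf -> /share/c.pdf.FEEDC
2021-05-14T09:15:42Z fs01 svc_backup RENAME /share/d.pdf -> /share/d.pdf.FEEDC
2021-05-14T09:15:43Z fs01 svc_backup RENAME /share/e.xlsx -> /share/e.xlsx.FEEDC
2021-05-14T10:30:00Z fs02 bob RENAME /home/bob/notes.txt -> /home/bob/notes.txt.FEEDC
"""


def parse_line(line):
    """Split one log line into its fields (assumed format, see module docstring)."""
    ts, host, user, action, rest = line.split(" ", 4)
    old_path, new_path = rest.split(" -> ")
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "host": host,
        "user": user,
        "action": action,
        "old": old_path,
        "new": new_path,
    }


def detect_rename_bursts(log_text, window_seconds=60, threshold=5,
                         extension=CONTI_EXTENSION):
    """Return one alert per (host, user) that renamed at least `threshold`
    files to `extension` inside any `window_seconds`-long window.

    The window and threshold are assumed tuning values; in practice they are
    set from what is normal for the share being monitored."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]

    # Group the timestamps of matching renames by the account that performed them.
    by_actor = defaultdict(list)
    for e in events:
        if e["action"] == "RENAME" and e["new"].upper().endswith(extension.upper()):
            by_actor[(e["host"], e["user"])].append(e["ts"])

    window = timedelta(seconds=window_seconds)
    alerts = []
    for (host, user), times in by_actor.items():
        times.sort()
        # Two-pointer sliding window: find the densest run of renames.
        start, best = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts.append({
                "host": host,
                "user": user,
                "renames_in_window": best,
                "first_seen": times[0].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_rename_bursts(SAMPLE_LOG):
        print("ALERT", alert)
```

The extension match is case-insensitive and the burst is measured per account and host, so a lone rename (the `bob` line above) does not fire while the five-in-three-seconds run from `svc_backup` does. Lowering `threshold` to 1 turns the detector into a plain indicator match, which is useful for a retrospective sweep of existing logs once an incident is confirmed.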
Dealing with a cyberattack is a stressful experience. It can be tempting to clear the immediate threat and close the book on the incident, but in doing so you are unlikely to have removed all traces of the attack. It is important that you set aside time to identify how the attackers got in, learn from any mistakes and make improvements to your security. If you don’t, you run the risk that the same attack, or another one, will hit you again a week from now. Although various mitigation techniques are available to defend against ransomware, the process needs to be adjusted with every new ransomware attack, because the entry points are constantly changing, which makes them harder to detect.
The first step in preventing any kind of ransomware attack is early recognition of these indicators. In the case of Conti specifically, defenders also need to shut down their internet-facing Remote Desktop Protocol (RDP) services if possible, or at least put them behind a virtual private network (VPN) if they are operationally essential. Another significant protection is the use of layered security, including a response team that continuously monitors the network.
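A quick way to act on the RDP advice above is to inventory where RDP is actually listening and separate the acceptable cases (loopback, private addresses reachable only over the VPN) from the exposed ones (wildcard binds or public addresses). The script below is an added example, not part of the original article; it classifies a constructed `netstat`-style listing of listening sockets. The listing format (`proto local_endpoint state`), the addresses in it, and the use of TCP port 3389 as the RDP port are the assumptions it rests on.

```python
"""Added example (not from the original article): classify RDP listeners
by how exposed their bind address is.

Assumed input: one listener per line, "<proto> <addr>:<port> <state>",
in the spirit of a netstat/ss listing (constructed for this example).
"""
import ipaddress

RDP_PORT = 3389  # well-known TCP port for Remote Desktop Protocol

# Constructed sample. A public address is deliberately omitted: the
# documentation ranges normally used for samples (e.g. 203.0.113.0/24) are
# reported as private by the ipaddress module, which would mislabel them.
SAMPLE_LISTENERS = """\
tcp 0.0.0.0:3389 LISTEN
tcp 10.20.0.5:3389 LISTEN
tcp 127.0.0.1:3389 LISTEN
tcp 0.0.0.0:443 LISTEN
tcp [::]:3389 LISTEN
"""


def parse_listener(line):
    """Return (proto, ip_address, port, state) for one listing line."""
    proto, endpoint, state = line.split()
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]")  # IPv6 endpoints appear as [addr]:port
    return proto, ipaddress.ip_address(host), int(port), state


def classify_rdp_exposure(listing, rdp_port=RDP_PORT):
    """Return a verdict for every RDP listener in the listing.

    Order matters: 0.0.0.0 falls inside the module's "private" 0.0.0.0/8,
    so the unspecified (wildcard) check has to run before the private check."""
    findings = []
    for line in listing.splitlines():
        if not line.strip():
            continue
        proto, addr, port, state = parse_listener(line)
        if port != rdp_port or state != "LISTEN":
            continue
        if addr.is_loopback:
            verdict = "loopback-only"
        elif addr.is_unspecified:
            verdict = "wildcard-bind"   # reachable on every interface, internet-facing ones included
        elif addr.is_private:
            verdict = "private-address"  # internal; acceptable when reachable only via VPN
        else:
            verdict = "public-address"   # internet-facing; close it or move it behind the VPN
        findings.append({"endpoint": f"{addr}:{port}", "verdict": verdict})
    return findings


def exposed_rdp_endpoints(listing, rdp_port=RDP_PORT):
    """Just the listeners the article says should be shut down or put behind a VPN."""
    return [f["endpoint"] for f in classify_rdp_exposure(listing, rdp_port)
            if f["verdict"] in ("wildcard-bind", "public-address")]


if __name__ == "__main__":
    for finding in classify_rdp_exposure(SAMPLE_LISTENERS):
        print(finding["verdict"].ljust(16), finding["endpoint"])
    print("exposed:", exposed_rdp_endpoints(SAMPLE_LISTENERS))
```

On a real host the listing would come from the local socket table rather than a string, and the private-address verdict still needs a second look: a private bind is only safe if nothing forwards that port from the internet edge, which this host-side view cannot see.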
Article by Kaushik Sundararajan
I am a security professional specializing in network security. With vivid experience in different industries, I am looking to explore the current cyberspace and discuss the ideology of certain ideas from a different perspective.