Security: Conti Ransomware Gangs Increase Attacks on International Organizations

News on security agencies' investigation of the rising attacks on organizations by ransomware experts.


Security agencies alert organizations on the rising attacks of Conti ransomware and advice on what to do to prevent these attacks.

After the attack was concluded, other activities included the usage of Trickbot malware for post-attack manipulations.
After the attack was concluded, other activities included the usage of Trickbot malware for post-attack manipulations.
Key Facts
  1. 1

    Conti Ransomware (RaaS) was used in over 400 attacks

  2. 2

    Affiliates of the contigang carry out attacks

  3. 3

    Possible ways through which these attacks are being initiated were highlighted.

  4. 4

    Mitigations such as software updates and multi-factor authentication can be used to prevent these attacks.


An investigation between the Federal Bureau of Investigation (FBI) and The Cybersecurity and Infrastructure Security Agency (CISA) reported increased use of the Conti ransomware in over 400 attacks within the US and International Organizations. The attacks involved stealing files, encrypting servers, encrypting workstations, and a demand for large sums of money in ransom.

The Conti ransomware was observed to be a ransomware-as-a-service (RaaS) model as it was deployed by different affiliates of the Conti gang in different attacks. The affiliates then get paid a pre-agreed fee as opposed to a part of the funds received as ransom from the victims.

The attacks were initiated by infiltrators gaining access to networks through a phishing email containing malicious contents in the form of embedded scripts, often with links to download other malware, including Trickbot and CobaltStrike. The Conti gang could also gain access through a host of other means listed in the report, including phone calls, promotion of fake software promoted by the search engines, malware distributors, common vulnerabilities in external assets.

In escalating the attacks on their victims, the Conti intruders were reported to use part of the victim's tools to consistently gain more ground in the victim's network. Remote monitoring software and remote desktop software were used as backdoors to maintain persistence during the attack. When the need for external tools arose, the intruders were found to have used a couple of tools like the Windows Sysinternals and mimikatz. After the attack was concluded, other activities included the usage of Trickbot malware for post-attack manipulations.

The security agencies advised organizations to use mitigation to protect against the possibilities of a Conti attack. This mitigation included organizations employing multi-factor authentication, network segmentation, and frequent filtering of traffic. They also advised a periodic scan for vulnerabilities, updating software regularly, using tools that ensure a response to endpoint detection, reducing and monitoring access to resources that can be accessed over the network, secure user accounts, and restricting RDP. The mitigation advice was, however, not welcomed by some people.

The report owed the increase in these attacks to the work-from-home setup of many organizations as workers were no longer within the secure firewalls of their various organizations. The report also mentioned the intruders constantly sterling up their game by improving the tools used in performing these attacks and circulating the results on what seemed to be a GitHub forum for attackers.

The attacks happen so fast that it would already be too late for the victim organizations to salvage by the time they are noticed. The attackers go for the mainframe of the networks and infiltrate the major networks.

Get similar news in your inbox weekly, for free

Share this news:

Latest stories

How ManageEngine Applications Manager Can Help Overcome Challenges In Kubernetes Monitoring

We tested ManageEngine Applications Manager to monitor different Kubernetes clusters. This post shares our review …

AIOps with Site24x7: Maximizing Efficiency at an Affordable Cost

In this post we'll dive deep into integrating AIOps in your business suing Site24x7 to …

A Review of Zoho ManageEngine

Zoho Corp., formerly known as AdventNet Inc., has established itself as a major player in …

Should I learn Java in 2023? A Practical Guide

Java is one of the most widely used programming languages in the world. It has …

The fastest way to ramp up on DevOps

You probably have been thinking of moving to DevOps or learning DevOps as a beginner. …

Why You Need a Blockchain Node Provider

In this article, we briefly cover the concept of blockchain nodes provider and explain why …

Top 5 Virtual desktop Provides in 2022

Here are the top 5 virtual desktop providers who offer a range of benefits such …

Why Your Business Should Connect Directly To Your Cloud

Today, companies make the most use of cloud technology regardless of their size and sector. …

7 Must-Watch DevSecOps Videos

Security is a crucial part of application development and DevSecOps makes it easy and continuous.The …