We have already talked in this blog about the importance of protecting our computers and the information they contain from malware.
In this specific case, we will focus on a specific type of malware, the Conti ransomware, which appeared in 2019, and which we will describe below.
But first, we are going to refresh or clarify a series of concepts to better understand the subject we are going to see.
Malware is malicious software created to cause damage or perform unwanted and harmful actions on a computer system.
This computer program is executed without the knowledge or authorization of the user of the infected computer or equipment.
Computer viruses are the most characteristic example of malware we can find, and there is a great variety.
For more information, enter our blog article dedicated to the types of malware, with tips to protect ourselves.
What is Conti ransomware?
Ransomware is a type of malware through which the cybercriminal encrypts files or blocks access to a computer, demanding a ransom payment to decrypt or unlock the device.
Conti ransomware is the ransomware-as-a-service type. This means that the developers offer malware on the Internet to recruit affiliates.
These affiliates will distribute the ransomware in exchange for a percentage of the profits obtained from the ransom payment.
What Conti does is get certain confidential information and encrypt it. Next, she demands payment of a certain amount of money by threatening to leak the data obtained.
It is a double extortion since the victim has to pay to decrypt the files and to prevent that information from being made public and spreading.
Fearing that their reputation will be damaged or that sensitive business data will be made public, those affected may feel pressured to pay up.
Cybercriminals target companies or government agencies that have significant capital to pay or whose information is so valuable that they would not be able to operate without it.
This ransomware has been active since 2021, attacking organizations such as public health systems and companies from different countries.
Conti works with complex algorithms for data encryption that quickly encrypt files.
The faster the encryption, the less reaction and response capacity will be, and the more likely the attack will succeed.
Also Read: How Biometrics Influence Your Cybersecurity
Mode of action
Let’s see in a very summarized way the way these cybercriminals act.
They collect information about the employees and the Infrastructure of the companies, looking for vulnerable points to define the strategy they will follow for the attack.
To carry out the attacks successfully, they need a fairly complex infrastructure of servers, storage systems, etc…, as well as prior testing.
Conti attacks through phishing or identity theft campaigns, attaching malicious files to emails to download malware onto victims’ computers.
To infiltrate the victim’s network, they can use methods such as the theft of credentials, the recruitment of “moles” within the company, or the exploitation of vulnerabilities in unprotected computers.
5. Deletion of backup copies
To ensure the success of the cyberattack, they have a team that is in charge of eliminating the backup copies to force the ransom payment to recover the kidnapped information.
If the days go by and the victims do not pay the requested ransom, the next step may be using threats through phone calls or email.
To add more pressure, cybercriminals have a blog where they post the victims’ names and proof of the stolen information.
How to act before an attack of this type?
It is recommended to refrain from paying for the ransom of the affected files since there is no guarantee that cybercriminals will keep their word to return and release the information.
On the other hand, if we pay, we are contributing to more attacks of this type, as it is profitable for these groups.
To protect ourselves and minimize risks, we can adopt a series of measures :
- Keep the equipment updated with the latest security patches.
- Install antivirus software and other protection measures.
- Train employees in cybersecurity.
- Make backup copies periodically.
- Scan the network often for malicious processes.