
Conti ransomware brand is dead, but gang restructures: Report

by Howard Solomon
May 25, 2022
in Security
The Conti ransomware gang’s brand is dead. That’s the conclusion of researchers at Advanced Intelligence. Its infrastructure related to negotiations, data uploads, and hosting of stolen data has been shut down.

However, before you start celebrating, the researchers say the gang has dispersed and is operating under a number of smaller brands.

This is part of a calculated scheme that started two months ago when the gang expressed support for Russia’s invasion of Ukraine. That, the researchers argue, made the Conti brand toxic to cyber intelligence agencies and organizations the gang hit. Since then almost no ransom payments have been made to the group. Its locker code became highly detectable by IT defenders and was rarely deployed.

The AdvIntel researchers argue that Conti’s backing of Russia violated an unwritten rule of threat actors: Don’t get involved in politics. One gang member allegedly was so angered that they leaked private Conti chat messages. And it didn’t help that on May 6th, the U.S. offered rewards of up to US$10 million for information leading to the takedown of the Conti group.

The highly-publicized attack on government agencies of Costa Rica was a diversion while it restructured, say AdvIntel researchers.

What next?

Conti is adopting a network organizational structure, says AdvIntel, one that is more horizontal and decentralized than its previously rigid hierarchy. “This structure will be a coalition of several equal subdivisions, some of which will be independent, and some existing within another ransomware collective. However, they will all be united by internal loyalty to both each other and the Conti leadership.”

  • Type 1: Fully autonomous partners: These are pure data-stealing groups. They include the Karakurt, BlackBasta and BlackByte gangs. For a backgrounder on the BlackByte gang see this analysis by Cisco Systems;
  • Type 2: Semi-autonomous partners: These act as Conti-loyal collective affiliates within other collectives in order to use their ransomware locker. These include the AlphV/BlackCat, Hive, HelloKitty/FiveHands and AvosLocker gangs;
  • Type 3: Independent affiliates: These are individuals who may do the actual initial hack of an organization but are loyal to Conti;
  • Type 4: Mergers & Acquisitions: These are small threat actor groups the Conti leadership infiltrates and consumes entirely, keeping the small brand’s name. The small group’s leader loses independence, but receives a massive influx of manpower, while Conti gets a new subsidiary group.

This structure is different from the Ransomware-as-a-Service model, says AdvIntel, since this network does not seem to be accepting new members. Moreover, the researchers say, unlike RaaS, this model seems to value operations being executed in an organized, team-led manner. Finally, all the members know each other very well personally and are able to leverage these personal connections and the loyalty that comes with them.

What does this mean for IT defenders?

Not much. It’s still vital to perform cybersecurity basics to protect against any cyber attack:
  • inventory and triage hardware and software so vital devices and applications can be patched as soon as security updates are available;
  • have all staff enrolled in multifactor authentication as an extra step to protect logins;
  • ensure staff and partners only have access to data and systems they need;
  • segment data and networks;
  • encrypt sensitive data at rest and in transit;
  • have one copy of backup data saved offline and off-site;
  • test backup and recovery procedures to make sure they work and staff know what to do;
  • have an incident response plan that is regularly tested.
For more advice see the reports of the Ransomware Task Force, the Canadian Centre for Cyber Security’s ransomware resource pages and the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Stop Ransomware web site.

Meanwhile, the CISA announced Friday it plans to soon convene a Joint Ransomware Task Force as mandated under a recently-passed federal law. It would be co-chaired by the CISA and the FBI. When fully implemented, the legislation will require critical infrastructure companies to report to the federal government any substantial cybersecurity incidents within 72 hours or ransom payments within 24 hours.

The U.S. Justice Department also said it will increase work to crack down on illegal cryptocurrency transactions and work closer with other countries to prosecute threat actors.

The post Conti ransomware brand is dead, but gang restructures: Report first appeared on IT World Canada.
Tags: DI, ransomware, security strategies
