Blog

Corporate Internet Users Watch Out For Conti Ransomware

Jul 22, 2020 | Blog

Although you may not be familiar with the name, a strain of ransomware called “Conti” is surging in popularity on the Dark Web and seeing a rapidly growing number of installations, so it’s definitely one to be on guard against.

Advanced intel’s Vitali Kremez has been tracking this strain since it first appeared in late 2019.

According to Kremez, the code appears to be an offshoot of an older strain of ransomware called Ryuk. The number of active installs of Ryuk has been declining for a few years now, while the number of Conti installations increases at virtually the same pace.

Kremez, had this to say about the new ransomware threat:

Based on multiple incident response matters and current assessment, it is believed that Conti ransomware is linked to the same Ryuk ransomware developer group based on the code reuse and unique TrickBot distribution. The same distribution attack vector is used widely by the Ryuk deployment group.”

While there are a number of interesting aspects to the design of Conti, one of the most interesting is the fact that it utilizes 32 threads during the file encryption process. While multi-threaded ransomware isn’t new or unique, Conti is the first to use 32 threads, which makes it stand out and allows it to encrypt a machine with blinding speed.

The advantage to the attacker here is that the attack might be over before a victim even realizes what’s going on. On the other hand though, a wary, observant user might notice that the machine’s performance takes a sudden nosedive, which is a red flag that something is wrong. That gives IT professionals a small window to deploy countermeasures and potentially stave off the attack.

The other interesting aspect of this code’s design is the fact that it utilizes the Windows restart manager API to close open files. Again, while not unique, it is something not used by many malware strains, which sets Conti apart.

In any case, it’s a serious and growing threat, and one your staff should be briefed on and prepared for.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech