Conti Ransomware Group Diaries, Part II: The Office

Earlier this week, a Ukrainian security researcher leaked almost two years’ worth of internal chat logs from Conti, one of the more rapacious and ruthless ransomware gangs in operation today. Tuesday’s story examined how Conti dealt with its own internal breaches and attacks from private security firms and governments. In Part II of this series we’ll explore what it’s like to work for Conti, as described by the Conti employees themselves.

Conti Ransomware Group Diaries, Part I: Evasion

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti, an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. The chat logs offer a fascinating glimpse into the challenges of running a sprawling criminal enterprise with more than 100 salaried employees. The records also provide insight into how Conti has dealt with its own internal breaches and attacks from private security firms and foreign governments.

Belarusian hackers launch another attack, adding to chaotic hacktivist activity around Ukraine

A group of Belarusian hackers and IT specialists claimed Sunday that they’d attacked the Belarusian Railways in an attempt to “slow down the transfer of occupying forces and give the Ukrainians more time to repel the attack,” according to a Google translation of the message posted to the group’s Telegram channel. The hackers — who call themselves the Cyber Partisans and have targeted Belarus’ autocratic government and its leader, Alexander Lukashenko, dating back to September 2020 — said Sunday their hack “paralyzed” some railway operations in the Belarusian capital of Minsk and in Orsha, an eastern Belarusian city between Moscow and Minsk. Some railway operations were switched to manual mode, the group said, “which will significantly slow down the movement of trains, but will NOT create accidents.” “The internal network will be disconnected until the Russian troops leave the territory of Belarus and the participation of the Belarusian military forces […]

The post Belarusian hackers launch another attack, adding to chaotic hacktivist activity around Ukraine appeared first on CyberScoop.

Exposing the Conti Ransomware Gang – An OSINT Analysis

UPDATE: The following set of graphics aims to visualize the recently leaked Conti ransomware gang members’ conversations.

UPDATE: The following is a complete list of all the Bitcoin addresses used by the Conti ransomware gang members obtained using public

TrickBot malware suddenly got quiet, researchers say, but it’s hardly the end for its operators

The operators of TrickBot have essentially shut down the notorious malware, multiple reports say, but evidence suggests the gang has begun using other platforms or folded operations into another cybercrime group altogether. Researchers at Intel471 and AdvIntel noted a sharp dip in recent TrickBot activity in separate reports Thursday, even though the command-and-control infrastructure for the malware remains operational. Intel471 said “it’s likely that the Trickbot operators have phased Trickbot malware out of their operations in favor of other platforms,” probably Emotet — a development researchers have been tracking for months. AdvIntel’s Yelisey Boguslavskiy, meanwhile, said in his report that TrickBot’s operators had been subsumed into Conti, a Russia-linked cybercrime group known for offering “ransomware as a service” packages to its affiliates. Researchers previously had noted TrickBot connections with Conti. “In name, at least, this means that TrickBot’s four-year saga is now coming to a close — the liaison that […]

The post TrickBot malware suddenly got quiet, researchers say, but it’s hardly the end for its operators appeared first on CyberScoop.

Conti ransomware group announces support of Russia, threatens to attack critical infrastructure

An infamous ransomware group with potential ties to Russian intelligence and known for attacking health care providers and hundreds of other targets posted a warning Friday saying it was “officially announcing a full support of Russian government.” The gang said that it would use “all possible resources to strike back at the critical infrastructures” of any entity that organizes a cyberattack “or any war activities against Russia.” The message appeared Friday on the dark website used by ransomware group Conti to post its victims’ data and threats. Security researchers believe the gang to be Russia-based. Conti ransomware was part of more than 400 attacks against mostly U.S. targets between spring 2020 and spring 2021, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the FBI reported in September. In May 2021 the FBI warned that Conti was involved in at least 16 ransomware attacks targeting U.S. health […]

The post Conti ransomware group announces support of Russia, threatens to attack critical infrastructure appeared first on CyberScoop.

Conti ransomware gang: You attack Russia, we’ll hack you back

The Conti ransomware gang says that it supports the Russian government’s invasion of Ukraine… and if anyone launches a retaliatory cyber attack against Russia, they will hit back hard – launching attacks on critical infrastructure.

Ransomware spree hitting European oil, transport companies

European oil and transportation services have spent all week under attack by ransomware. The latest victim, aviation services company Swissport, announced Friday that ransomware struck part of its IT infrastructure, causing flight delays and knocking its website offline. The company said last month that in 2019, it fueled 2.3 million flights, and claims 2,000 employees at 40 airports across six countries.

⚠️ A part of #Swissport’s IT infrastructure was subject to a ransomware attack. The attack has been largely contained, and we are working actively to fully resolve the issue as quickly as possible. Swissport regrets any impact the incidence has had on our service delivery. — Swissport (@swissportNews) February 4, 2022

The announcement comes one day after reports of attacks on oil port terminals in Belgium and the Netherlands. Earlier this week, two German oil companies became ransomware victims as well, forcing one of the companies into operating at […]

The post Ransomware spree hitting European oil, transport companies appeared first on CyberScoop.

Conti gang hits KP Snacks with a crippling ransomware attack

By Waqas
The ransomware attack affected the supply chain and disrupted deliveries to leading supermarkets in the United Kingdom. A…
This is a post from HackRead.com.