Conti ransomware

Pierluigi Paganini January 21, 2022
Conti ransomware gang started leaking files stolen from Bank Indonesia

The central bank of the Republic of Indonesia, Bank Indonesia, confirmed the ransomware attack that hit it in December. Bank Indonesia confirmed that it was the victim of a ransomware attack that took place last month. The Conti ransomware gang claimed the attack and leaked some allegedly stolen files as proof of the security breach. A […]

Pierluigi Paganini December 17, 2021
Conti ransomware gang exploits Log4Shell bug in its operations

The Conti ransomware gang is the first ransomware operation exploiting the Log4Shell vulnerability to target VMware vCenter Servers. Conti ransomware gang is the first professional race that leverages Log4Shell exploit to compromise VMware vCenter Server installs. The ransomware group used the exploit to target internal devices that are not protected. Conti operators run a private Ransomware-as-a-Service (RaaS), […]

Pierluigi Paganini December 10, 2021
Australian ACSC warns of Conti ransomware attacks against local orgs

The Australian Cyber Security Centre (ACSC) warns of Conti ransomware attacks again multiple Australian organizations. The Australian Cyber Security Centre (ACSC) warns of Conti ransomware attacks against multiple Australian organizations from various sectors since November. “The ACSC is aware of multiple instances of Australian organisations that have been impacted by Conti ransomware in November and […]

Pierluigi Paganini November 21, 2021
Researchers were able to access the payment portal of the Conti gang

The Conti ransomware group has suffered a data breach that exposed its attack infrastructure and allowed researcher to access it. Researchers at security firm Prodaft were able to identify the real IP address of one of the servers used by the Conti ransomware group and access the console for more than a month. The exposed […]

Pierluigi Paganini November 20, 2021
The newer cybercrime triad: TrickBot-Emotet-Conti

Advanced Intelligence researchers argue that the restarting of the Emotet botnet was driven by Conti ransomware gang. Early this year, law enforcement and judicial authorities worldwide conducted a joint operation, named Operation Ladybird, which disrupted the EMOTET botnet. At the time the investigators have taken control of its infrastructure in an international coordinated action.  This operation was […]

Pierluigi Paganini November 19, 2021
Conti ransomware operations made at least $25.5 million since July 2021

Researchers revealed that Conti ransomware operators earned at least $25.5 million from ransom payments since July 2021. A study conducted by Swiss security firm Prodaft with the support of blockchain analysis firm Elliptic revealed that the operators of the Conti ransomware have earned at least $25.5 million from attacks and subsequent ransoms carried out since […]

Pierluigi Paganini October 31, 2021
Graff multinational jeweller hit by Conti gang. Data of its rich clients are at risk, including Trump and Beckham

Conti ransomware gang hit high society jeweller Graff and threatens to release private details of world leaders, actors and tycoons The latest attack of the Conti ransomware gang makes the headlines, the threat actors hit high society jeweller Graff and asked the payment of a multi-million ransom to avoid leaking details of world leaders, actors […]

Pierluigi Paganini September 03, 2021
Conti ransomware gang targets Microsoft Exchange servers with ProxyShell exploits

The Conti ransomware operators are targeting Microsoft Exchange servers leveraging recently disclosed ProxyShell vulnerability exploits. The Conti ransomware gang is targeting Microsoft Exchange servers leveraging exploits with recently disclosed ProxyShell vulnerabilities. ProxyShell is the name of three vulnerabilities that could be chained by an unauthenticated remote attacker to gain code execution on Microsoft Exchange servers. […]

Pierluigi Paganini August 06, 2021
Conti Leak Indicators – What to block, in your SOC….

Security expert provided leak indicators for Conti ransomware operations that were recently disclosed by a disgruntled affiliate. An affiliate of the Conti RaaS has leaked the training material provided by the group to the customers of its RaaS, he also published the info about one of the operators. The Conti Ransomware operators offer their services to their […]

Pierluigi Paganini May 22, 2021
Conti Ransomware hit 16 US health and emergency Services, said FBI

Conti ransomware targeted over 400 organizations worldwide, 290 in the US, and at least 16 healthcare and first responder networks. The Federal Bureau of Investigation (FBI) revealed that the Conti ransomware gang has hit at least 16 healthcare and first responder organizations. According to a flash alert issued by the FBI over 400 organizations worldwide […]