Conti ransomware hacking spree breaches over 40 orgs in a month

The Conti cybercrime syndicate runs one of the most aggressive ransomware operations and has grown highly organized, to the point that affiliates were able to hack more than 40 companies in a little over a month.

Security researchers codenamed the hacking campaign ARMattack and described it as being one of the group’s “most productive” and “extremely effective.”

Lightning-fast ARMattack campaign

In a report shared with BleepingComputer, researchers at cybersecurity company Group-IB say that one of Conti’s “most productive campaigns” occurred last year, between November 17 and December 20, 2021.

They discovered the group’s month-long hacking spree during incident response activities and dubbed it ARMattack, based on a domain name that exposed the gang’s infrastructure.

During the campaign, Conti affiliates compromised more than 40 organizations in a range of sectors across a wide geography, with a focus on companies based in the U.S.

[Figure: Conti’s ARMattack hacking spree – source: Group-IB]

A Group-IB spokesperson told BleepingComputer that ARMattack was very swift and explained that the company’s report refers to organizations that had their networks compromised. It is unknown whether any of the victims paid the ransom demanded by the attacker.

It is worth noting that while the Conti leak site has published data for as many as 46 victims in a single month (e.g. April 2022), a leak-site listing says nothing about when each victim was actually breached, so those counts cannot be read as an intrusion rate.

Based on data from Group-IB, Conti’s shortest successful attack lasted for just three days from initial access time to encrypting the organization’s systems.

“After gaining access to a company’s infrastructure, the threat actors exfiltrate specific documents (most often to determine what organization they are dealing with) and look for files containing passwords (both plaintext and encrypted). Lastly, after acquiring all the necessary privileges and gaining access to all the devices they are interested in, the hackers deploy ransomware to all the devices and run it” – Group-IB
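The credential hunt described in the quote above (plaintext password files and encrypted password stores) is something a defender can run ahead of the attacker. The following is an added example, not code from the article or from Group-IB: a small Python audit that walks a file tree and flags files whose names or contents suggest they hold credentials. The filename patterns, content regexes and the sample directory it builds are assumptions constructed for illustration, not data from the report.

```python
"""Added example (not from the article or Group-IB): audit a file tree for the
kind of credential-bearing files the report says Conti affiliates look for
after initial access. Patterns and sample data below are assumptions."""
import os
import re
import tempfile
from pathlib import Path

# Filenames that commonly hold credentials (assumed list, not from the report).
NAME_PATTERNS = [
    re.compile(r"pass(word|wd)?s?\.(txt|xlsx?|docx?|csv)$", re.I),
    re.compile(r"\.(kdbx?|psafe3|agilekeychain)$", re.I),   # encrypted password stores
    re.compile(r"^(unattend|sysprep)\.xml$", re.I),         # Windows deployment answer files
    re.compile(r"^web\.config$", re.I),
    re.compile(r"^\.env$", re.I),
]

# Content patterns for plaintext secrets (assumed; tune for your environment).
CONTENT_PATTERNS = [
    re.compile(rb"(?i)\b(password|passwd|pwd)\s*[:=]\s*\S+"),
    re.compile(rb"Password>\s*<Value>", re.I),              # unattend.xml style
    re.compile(rb"connectionString=\"[^\"]*password=", re.I),
]

MAX_READ = 512 * 1024  # only inspect the first 512 KiB of each file


def classify(path):
    """Return a list of reasons this file looks credential-bearing (empty if none)."""
    reasons = []
    for pat in NAME_PATTERNS:
        if pat.search(path.name):
            reasons.append(f"name matches {pat.pattern}")
            break
    try:
        with open(path, "rb") as fh:
            head = fh.read(MAX_READ)
    except OSError:
        return reasons
    if b"\x00" in head[:8192]:   # binary file: only name-based matches apply
        return reasons
    for pat in CONTENT_PATTERNS:
        if pat.search(head):
            reasons.append(f"content matches {pat.pattern.decode()}")
            break
    return reasons


def audit(root):
    """Walk `root` and return {relative_path: [reasons]} for suspicious files."""
    root = Path(root)
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            p = Path(dirpath) / f
            reasons = classify(p)
            if reasons:
                hits[str(p.relative_to(root)).replace(os.sep, "/")] = reasons
    return hits


def demo():
    """Build a constructed sample tree (fake data) and audit it."""
    tmp = Path(tempfile.mkdtemp())
    (tmp / "finance").mkdir()
    (tmp / "finance" / "passwords.xlsx").write_bytes(b"PK\x03\x04\x00\x00 fake")
    (tmp / "it").mkdir()
    (tmp / "it" / "unattend.xml").write_text(
        "<AdministratorPassword><Value>U2VjcmV0</Value></AdministratorPassword>")
    (tmp / "it" / "notes.txt").write_text("vpn password = Winter2021!\n")
    (tmp / "it" / "vault.kdbx").write_bytes(b"\x03\xd9\xa2\x9a\x67\xfb\x4b\xb5")
    (tmp / "readme.md").write_text("Nothing sensitive here.\n")
    return audit(tmp)


if __name__ == "__main__":
    for path, reasons in sorted(demo().items()):
        print(path, "->", "; ".join(reasons))
```

Run it against a file share or a user's profile directory rather than the sample tree to get a realistic result; binary files are only matched by name so that the content regexes do not produce noise on archives and database files.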

“Office” hours

Using data gathered from public sources, such as the leaked internal chats from the gang, Group-IB has been analyzing Conti’s “working hours.”

According to the researchers, Conti members are active about 14 hours a day, pausing only for the New Year holiday, a schedule that helps explain the group’s output.

Group-IB says the group starts working around noon (GMT+3, Moscow time) and wraps up after 9 PM. Conti members are likely dispersed across multiple time zones.

Furthermore, the researchers highlight that the group functions similarly to a legitimate business, with individuals tasked with finding workers, research and development, running OSINT jobs, and providing customer support.

Conti’s efforts to stay ahead of the game include monitoring Windows updates and analyzing the changes from new patches, as well as discovering zero-day vulnerabilities that can be used in attacks, and exploiting freshly disclosed security flaws.

“Conti’s increased activity and the data leak suggest that ransomware is no longer a game between average malware developers, but an illicit RaaS industry that gives jobs to thousands of cybercriminals worldwide with various specializations” – Ivan Pisarev, Head of Dynamic Malware Analysis Team at Group-IB’s Threat Intelligence team

At the top of the ransomware game

Conti is currently one of the top three ransomware gangs by attack frequency, ranking second behind LockBit in data collected for the first quarter of 2022.

Since the gang came into the public light, the list of Conti victims that did not pay the threat actor has grown to 859, although the real number is likely significantly higher since the count is based only on data published on the group’s leak site.

Judging by this number alone, on average, Conti has been publishing each month data stolen from at least 35 organizations that did not pay a ransom.

The first Conti ransomware attacks that BleepingComputer learned of date from late December 2019. According to Group-IB, initial test versions of the malware have been tracked to November 2019.

One of the most notorious Conti attacks occurred recently, encrypting systems from multiple government bodies in Costa Rica, causing the country’s president to declare a national state of emergency.

Despite the recent chat and source code leaks, Conti continues to run a lucrative business that has shown little sign of collapsing.

The group has constantly expanded its activity by working with other ransomware operators (HelloKitty, AvosLocker, Hive, BlackCat, BlackByte, LockBit) and acquiring cybercriminal operations such as TrickBot.

Conti has become a threat so large that the U.S. Government is offering a reward of up to $15 million for information leading to the identification and location of the group’s leading members.
