The FBI says the criminal group behind the Conti ransomware has attacked more than 400 organizations worldwide, 290 of which are in the United States. These include health facilities, communities and the police force. HSE, Ireland’s national healthcare provider, was recently infected with the Conti ransomware, which affected patient services. The group is demanding up to 25 million euros to decrypt the files.
To access victims’ networks, the Conti team uses well-known methods, such as links in email messages pointing to malware, victim email links, and stolen RDP credentials. On average, attackers spend four to three weeks on the network before deploying the ransomware. The FBI warns that attackers commonly call victims when the organization has not responded to the group’s demands two to eight days after the ransomware (pdf).
The agency asks victims to share as much information about the group as possible, namely Bitcoin addresses, the encryption tool provided and the IP addresses. The FBI also makes recommendations to prevent such attacks. For example, it recommends disabling hyperlinks in incoming email and marking emails from outside the organization with a banner. Organizations are also advised to focus on cyber security awareness and staff training.
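The two email recommendations above can be sketched as a mail-filter step. This is an added example, not code from the FBI advisory or the article; the internal domain, banner text and sample message are assumptions, and only `text/plain` parts are handled.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.org"}  # assumption: the organization's own mail domains
BANNER = "[EXTERNAL] This message came from outside the organization.\n\n"
URL_RE = re.compile(r"\b(https?)://([^\s<>\"']+)", re.IGNORECASE)

SAMPLE = (  # constructed sample message
    "From: Billing <billing@vendor.example>\n"
    "To: staff@example.org\n"
    "Subject: Invoice\n"
    "\n"
    "Please review https://files.vendor.example/invoice.pdf today.\n"
)


def is_external(msg):
    """True unless the From address is in an internal domain (missing From counts as external)."""
    # The From header is sender-controlled; a real gateway should also check
    # the authenticated connection or SPF/DKIM results before trusting it.
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower() not in INTERNAL_DOMAINS


def defang(text):
    """Rewrite URLs so mail clients no longer render them as clickable links."""
    def repl(m):
        scheme = "hxxps" if m.group(1).lower() == "https" else "hxxp"
        return f"{scheme}[://]{m.group(2).replace('.', '[.]')}"
    return URL_RE.sub(repl, text)


def process(raw):
    """Add the banner and defang links in every inline text/plain part of external mail."""
    msg = message_from_string(raw, policy=policy.default)
    if not is_external(msg):
        return msg
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.is_attachment():
            part.set_content(BANNER + defang(part.get_content()))
    return msg


if __name__ == "__main__":
    print(process(SAMPLE).as_string())
```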