In less than 2 years, the most successful ransomware group to date has reached new levels of campaign and individual attack effectiveness, targeting over 160 industries worldwide.
Conti has quickly become the most recognizable name in ransomware today. Making up 16% of all ransomware attacks today, Conti has disrupted the operations of over 850 companies, government agencies, and an entire country.
Security vendor Group-IB has recently released an updated look at Conti in their report CONTI ARMADA: ARMATTACK CAMPAIGN. In it, Group-IB note that Conti’s most impressive feat is compromising more than 40 organizations in just one month.
According to the report, Conti have historically focused on 6 industries:
- Manufacturing
- Real Estate
- Transportation
- Professional Services
- Commerce
- Consumer Goods
The US is, by far, their greatest focus, representing 48% of attacks in Q1 of 2022.
Conti’s latest campaign, dubbed ARMATTACK, is characterized as being “lightning quick” by Group-IB. Conti went from initial access to Domain Controller compromise in a little more than 3 days, using a combination of exploits, known malicious toolsets, native Windows remote desktop functionality, and spear phishing. Conti’s successes haven’t gone unnoticed, with the U.S. Government placing a $15 million bounty on the gang’s head.
And because Conti operates in a “Ransomware as a Service” model, Group-IB see them as a “notorious player that has in fact created an IT company whose goal is to extort large sums.” This makes Conti very dangerous and should cause organizations to increase efforts to stop initial attacks by Conti affiliates through improved defenses, including Security Awareness Training.