conti (6)

9421881897?profile=RESIZE_400xActivity Summary - Week Ending 13 August 2021:

  • Red Sky Alliance identified 38,261 connections from new unique IP addresses
  • Analysts observed 39 unique email accounts compromised with Keyloggers
  • Researchers identified 3,451 new IP addresses participating in various Botnets
  • Conti Exposed by m1Geelka
  • RATs – more Remote Access Trojans
  • Bandook Malware
  • Poly Network Hit
  • Ransomware Directly affecting Public Safety
  • China & Israel
  • New AdLoad Malware
  • Perfume and Cyber

Link to full report: IR-21-225-001_w

9408552270?profile=RESIZE_400xOn 5 August 2021 a threat actor using the handle m1Geelka, made a post on the Russian XSS cybercriminal forum.  In the post, they claim to have leaked the manuals and instructions used by the Conti ransomware group whom with they were previously associated.  These posts provide valuable insight into Conti operations.  While the group is highly likely to change its exposed infrastructure and their tactics, techniques, and procedures (TTP’s), network defenders are now able to research this informa

9193850468?profile=RESIZE_400xActivity Summary - Week Ending 2 July 2021:

  • Red Sky Alliance identified 19,270 connections from new unique IP addresses
  • Analysts identified 2,543 new IP addresses participating in various Botnets
  • 13 unique email accounts compromised with keyloggers were Observed
  • Netfilter
  • PJobRAT Spyware
  • Mirai Knockoffs
  • Salvation Army Hit
  • Conti & Canada
  • DragonForce / Israeli Banking
  • Fancy Lazarus attempts an attack on German Banks - Denied

Link to full report: IR-21-183-001_weekly_183_FINAL.pdf

 

8963279294?profile=RESIZE_400xIn the US, the Federal Bureau of Investigation (FBI) issued an alert on 20 May regarding “Conti,” a highly disruptive ransomware variant.  Cyber-attacks associated with Conti and the previously published Darkside ransomware variant are believed to be emanating from criminal networks operating from a non-cooperative foreign jurisdiction.  The FBI says it identified at least 16 Conti ransomware attacks targeting US health care and first responder networks, including law enforcement agencies, emerg

8270285688?profile=RESIZE_400xFor ransomware actors, innovation is a key to success, as crime gangs look for new ways to dupe people and make crypto-locking malware even more lucrative.  Some hacking groups have started cold-calling victims to inform them that their systems have been hit by ransomware and request a ransom to resolve the situation.  An old, yet tried and true use of chicanery.  Sometime old schemes become new schemes.  This is just the latest in a long line of shakedown tactics, which include not just using c

8153178663?profile=RESIZE_400xThe past few months have seen a new ransomware variant emerge that is being distributed by the TrickBot malware. The appearance of this new ransomware, named Conti, corresponded with an observed decrease in Ryuk deployments. This suggested that Conti is the “successor” of Ryuk. Some media outlets have also reported that Conti was an evolved version of Ryuk, suggesting that it has evolved from the RYUK source code. While this may have been true for very early samples, a Red Sky analysis of recent