Russian Cyber Crime Group Issues A Warning

Uploaded on 2022-02-28 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

Ukraine has been assaulted denial-of-service (DDoS) attacks and other cyber intrusions in advance of the Russian invasion and these are continuing.  In response, the Ukrainian government has called for volunteers from country’s hacker underground to help protect critical infrastructure and set up surveillance on Russian troops movements. 

Now, a Russian cyber crime group Conti, known for using ransomware to extort millions of dollars from US and European companies, has vowed to attack enemies of Russia if they respond to Russia’s invasion of Ukraine.

In a blog, the Conti group said it was announcing its “full support” for the government of President Vladimir Putin. On Thursday 24th February, the Russian military invaded neighbouring Ukraine from the north, east and south, in the biggest attack on a European state since World War Two “If anybody will decide to organise a cyber attack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy,” the Conti blog post read. “As a response to Western war-mongering and American threats to use cyber warfare against the citizens of Russian Federation, the Conti Team is officially announcing that we will use our full capacity to deliver retaliatory measures in case the Western warmongers attempt to target critical infrastructure in Russia or any Russian-speaking region of the world. We do not ally with any government and we condemn the ongoing war. 

“However, since the West is known to wage its wars primarily by targeting civilians, we will use our resources in order to strike back if the well being and safety of peaceful citizens will be at stake due to American cyber aggression,” says the blog.

First detected in 2019, Conti has since been blamed for ransomware attacks against numerous US and European companies. In those incidents, Conti hackers invaded networks and encrypted data, disrupting operations and demanding payment to restore access. Among the victims were the state government  Louisiana and a New Mexico hospital, according to analysis by Emsisoft.

Conti Ransomware Group

Conti was first detected in December 2019 following  a number of apparently  of isolated  incidents over the next few months, with activity increasing significantly in mid-June 2020. Conti typically function using human-operated ransomware which typically features command line capabilities that enable operators monitoring the target environment to directly control, spread and execute the ransomware. 

This functionality gives attackers the unique ability to selectively choose to encrypt local files, network shares and/or specific IP addresses. Prior to encryption, Conti prepares the compromised system by deleting Windows Volume Shadow Copies and disabling 146 Windows services related to backup, security, database and email solutions. 

While Conti is considered a ransomware-as-a-service (RaaS) model business model, there is variation in its structure that differentiates it from a typical affiliate model. It is thought likely that Conti developers pay those affiliates who actually  deploy the ransomware a wage rather than a percentage of the criminal proceeds a from a successful attack. 

ContiNews     Reuters:     Reuters:     CISA:    :     HSToday:     Y Combinator:    Jerusalem Post:   EMISoft

You Might Also Read: 

The EU Mobilises Its Cyber Rapid Response Team To Deal With Russian Attacks


 

« Using Social Media To Track The Pandemic
Toyota Shut Down Japanese Plants In A Supply Chain Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

SSL247

SSL247

SSL247 is Europe's leading Web Security Consultancy Firm. We enjoy long-standing partnerships with Certificate Authorities including Symantec, GlobalSign, Entrust Datacard, Comodo, Thales and Qualys.

Kaseya

Kaseya

Kaseya is a premier provider of unified IT management and security software for managed service providers (MSPs) and small to medium-sized businesses (SMBS).

BruCERT

BruCERT

BruCERT is the referral agency for dealing with computer-related and internet-related security incidents in Brunei Darussalam.

Telspace Systems

Telspace Systems

Telspace Systems provides penetration testing, vulnerability assessment and training services.

Networkers

Networkers

Networkers is a global recruitment consultancy helping unite job-seekers and hiring companies across the technology industry.

Proficio

Proficio

Proficio is a world-class Managed Security Service Provider providing managed detection and response solutions, 24×7 security monitoring and advanced data breach prevention services worldwide.

Cryptosense

Cryptosense

Cryptosense provides the first application security software dedicated to the detection and remediation of crypto vulnerabilities.

National Cybersecurity Hub - South Africa

National Cybersecurity Hub - South Africa

The mission of the National Cybersecurity Hub is to be the central point of collaboration for cybersecurity incidents in South Africa.

Uppsala Security

Uppsala Security

Uppsala Security built the first crowdsourced Threat Intelligence platform known as the Sentinel Protocol, which is powered by blockchain technology.

Lirex

Lirex

Lirex offer consulting and outsourcing services, complete design, construction and maintenance of ICT solutions and systems including cybersecurity.

ISEC7 Group

ISEC7 Group

ISEC7 Group is a global provider of mobile business services and software solutions. The company was one of the first movers in mobilising company and business processes.

Highland Capital Partners

Highland Capital Partners

Highland Capital Partners is an early stage venture capital firm focused on category-defining businesses in consumer and enterprise technology, including cybersecurity.

Codean

Codean

The Codean Review Environment automates mundane software analysis tasks, so security experts can focus on finding vulnerabilities.

Securance Consulting

Securance Consulting

Since 2002, Securance has empowered enterprises to assume proactive security, compliance, and risk management strategies.

GoCloud Systems

GoCloud Systems

GoCloud is an IT consulting firm. We provide IT strategy and cloud adoption services to the New Zealand Government, Non-Profit Organisations and private industry.

ITConnexion

ITConnexion

ITConnexion is an Australian-based Managed IT Service with over 20 years of experience. We offer a complete IT management service for non-profits, SMEs, and enterprises.