Russian Cyber Crime Group Issues A Warning

Ukraine has been assaulted by denial-of-service (DDoS) attacks and other cyber intrusions in advance of the Russian invasion, and these are continuing. In response, the Ukrainian government has called for volunteers from the country’s hacker underground to help protect critical infrastructure and set up surveillance on Russian troop movements.

Now the Russian cyber crime group Conti, known for using ransomware to extort millions of dollars from US and European companies, has vowed to attack enemies of Russia if they respond to Russia’s invasion of Ukraine.

In a blog, the Conti group said it was announcing its “full support” for the government of President Vladimir Putin. On Thursday 24th February, the Russian military invaded neighbouring Ukraine from the north, east and south, in the biggest attack on a European state since World War Two.

“If anybody will decide to organise a cyber attack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy,” the Conti blog post read. “As a response to Western war-mongering and American threats to use cyber warfare against the citizens of Russian Federation, the Conti Team is officially announcing that we will use our full capacity to deliver retaliatory measures in case the Western warmongers attempt to target critical infrastructure in Russia or any Russian-speaking region of the world. We do not ally with any government and we condemn the ongoing war.

“However, since the West is known to wage its wars primarily by targeting civilians, we will use our resources in order to strike back if the well being and safety of peaceful citizens will be at stake due to American cyber aggression,” says the blog.

First detected in 2019, Conti has since been blamed for ransomware attacks against numerous US and European companies. In those incidents, Conti hackers invaded networks and encrypted data, disrupting operations and demanding payment to restore access. Among the victims were the state government of Louisiana and a New Mexico hospital, according to analysis by Emsisoft.

Conti Ransomware Group

Conti was first detected in December 2019, followed by a number of apparently isolated incidents over the next few months, with activity increasing significantly in mid-June 2020. Conti typically functions as human-operated ransomware, featuring command-line capabilities that enable operators monitoring the target environment to directly control, spread and execute the ransomware.

This functionality gives attackers the unique ability to selectively encrypt local files, network shares and/or specific IP addresses. Prior to encryption, Conti prepares the compromised system by deleting Windows Volume Shadow Copies and disabling 146 Windows services related to backup, security, database and email solutions.
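The pre-encryption preparation described above leaves two signals a defender can correlate per host: a shadow-copy deletion command and a burst of service stops. The following detection sketch is an added example, not code from the article or its sources. The event tuple format, the 20-services-in-5-minutes threshold, the matched command names and the use of service-stop events as a proxy for disabling are all assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Well-known built-in ways to delete shadow copies; an assumption, since the
# article does not say which mechanism Conti uses.
SHADOW_DELETE = re.compile(
    r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b"
    r"|\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b",
    re.IGNORECASE,
)

def detect(events, window=timedelta(minutes=5), svc_threshold=20):
    """Return {host: sorted findings} for (ts, host, kind, detail) events."""
    findings = defaultdict(set)
    stops = defaultdict(list)  # host -> [(ts, service name)]
    for ts, host, kind, detail in sorted(events):
        if kind == "proc" and SHADOW_DELETE.search(detail):
            findings[host].add("shadow_copy_deletion")
        elif kind == "svc_stop":
            stops[host].append((ts, detail.lower()))
    for host, seq in stops.items():
        start = 0
        for end in range(len(seq)):
            # Slide the window: drop stops older than `window` before seq[end].
            while seq[end][0] - seq[start][0] > window:
                start += 1
            distinct = {name for _, name in seq[start:end + 1]}
            if len(distinct) >= svc_threshold:
                findings[host].add("mass_service_stop")
                break
    for host, found in findings.items():
        # Both signals on one host match the staging pattern in the article.
        if {"shadow_copy_deletion", "mass_service_stop"} <= found:
            found.add("pre_encryption_staging")
    return {h: sorted(f) for h, f in findings.items()}

def sample_events():
    """Constructed events: FS01 shows the staging pattern, WS07 is benign."""
    t0 = datetime(2022, 2, 25, 3, 0, 0)
    ev = [(t0, "FS01", "proc",
           r"C:\Windows\System32\vssadmin.exe delete shadows /all /quiet")]
    ev += [(t0 + timedelta(seconds=2 * i), "FS01", "svc_stop",
            f"ConstructedSvc{i:03d}") for i in range(146)]
    ev += [(t0, "WS07", "proc", "vssadmin.exe list shadows")]
    ev += [(t0 + timedelta(minutes=10 * i), "WS07", "svc_stop", f"Svc{i}")
           for i in range(5)]
    return ev
```

In practice the `proc` events would come from process-creation logging (Security event 4688 or Sysmon event 1) and the `svc_stop` events from Service Control Manager event 7036.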

While Conti is considered a ransomware-as-a-service (RaaS) business model, there is variation in its structure that differentiates it from a typical affiliate model. It is thought likely that Conti developers pay those affiliates who actually deploy the ransomware a wage rather than a percentage of the criminal proceeds from a successful attack.

Sources: ContiNews, Reuters, CISA, HSToday, Y Combinator, Jerusalem Post, Emsisoft
