Russian Cyber Crime Group Issues A Warning

Uploaded on 2022-02-28 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

Ukraine has been assaulted denial-of-service (DDoS) attacks and other cyber intrusions in advance of the Russian invasion and these are continuing.  In response, the Ukrainian government has called for volunteers from country’s hacker underground to help protect critical infrastructure and set up surveillance on Russian troops movements. 

Now, a Russian cyber crime group Conti, known for using ransomware to extort millions of dollars from US and European companies, has vowed to attack enemies of Russia if they respond to Russia’s invasion of Ukraine.

In a blog, the Conti group said it was announcing its “full support” for the government of President Vladimir Putin. On Thursday 24th February, the Russian military invaded neighbouring Ukraine from the north, east and south, in the biggest attack on a European state since World War Two “If anybody will decide to organise a cyber attack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy,” the Conti blog post read. “As a response to Western war-mongering and American threats to use cyber warfare against the citizens of Russian Federation, the Conti Team is officially announcing that we will use our full capacity to deliver retaliatory measures in case the Western warmongers attempt to target critical infrastructure in Russia or any Russian-speaking region of the world. We do not ally with any government and we condemn the ongoing war. 

“However, since the West is known to wage its wars primarily by targeting civilians, we will use our resources in order to strike back if the well being and safety of peaceful citizens will be at stake due to American cyber aggression,” says the blog.

First detected in 2019, Conti has since been blamed for ransomware attacks against numerous US and European companies. In those incidents, Conti hackers invaded networks and encrypted data, disrupting operations and demanding payment to restore access. Among the victims were the state government  Louisiana and a New Mexico hospital, according to analysis by Emsisoft.

Conti Ransomware Group

Conti was first detected in December 2019 following  a number of apparently  of isolated  incidents over the next few months, with activity increasing significantly in mid-June 2020. Conti typically function using human-operated ransomware which typically features command line capabilities that enable operators monitoring the target environment to directly control, spread and execute the ransomware. 

This functionality gives attackers the unique ability to selectively choose to encrypt local files, network shares and/or specific IP addresses. Prior to encryption, Conti prepares the compromised system by deleting Windows Volume Shadow Copies and disabling 146 Windows services related to backup, security, database and email solutions. 

While Conti is considered a ransomware-as-a-service (RaaS) model business model, there is variation in its structure that differentiates it from a typical affiliate model. It is thought likely that Conti developers pay those affiliates who actually  deploy the ransomware a wage rather than a percentage of the criminal proceeds a from a successful attack. 

ContiNews     Reuters:     Reuters:     CISA:    :     HSToday:     Y Combinator:    Jerusalem Post:   EMISoft

You Might Also Read: 

The EU Mobilises Its Cyber Rapid Response Team To Deal With Russian Attacks


 

« Using Social Media To Track The Pandemic
Toyota Shut Down Japanese Plants In A Supply Chain Attack »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cyber Together

Cyber Together

Cyber Together is dedicated to advancing the cyber security industry by giving businesses access to Israel’s leaders, innovators and great minds in the field of cyber security.

Organization for Security and Co-operation in Europe (OSCE)

Organization for Security and Co-operation in Europe (OSCE)

OSCE is the world's largest security-oriented intergovernmental organization. Areas of activity include Cyber/ICT security.

FoxGuard

FoxGuard

FoxGuard develops customized cyber security, compliance and industrial computing solutions for critical infrastructure entities and control system vendors.

CyberSAFE Malaysia

CyberSAFE Malaysia

CyberSAFE Malaysia is an initiative to educate and enhance the awareness of the general public on the technological and social issues and risks facing internet users.

YesWeHack

YesWeHack

YesWeHack offers companies an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered) to identify and report vulnerabilities in their systems.

Calypso AI

Calypso AI

Calypso AI build software products that solve complex AI risks for national security and highly-regulated industries.

Charterhouse Voice & Data

Charterhouse Voice & Data

Charterhouse is your trusted technology partner - designing, provisioning and supporting the technology that underpins your operations including network security and data compliance.

Adit Ventures

Adit Ventures

Adit Ventures is a venture capital firm with a focus on dynamic growth sectors including AI & Machine Learning, Big Data, Cybersecurity and IoT.

Quantropi

Quantropi

Quantropi is bound to be the standard for quantum-secure data communications – forever unbreakable, no matter what.

Bastion Networks

Bastion Networks

Bastion are a security-focussed managed solution provider and consultancy. We work with advanced cyber security vendors to produce managed security solutions to protect from online threats.

CaseMatrix

CaseMatrix

Discover a new era of legal intelligence with CaseMatrix. We identify potential class action cases arising from cyber incidents and data breaches.

StealthMole

StealthMole

StealthMole is a deep and dark web threat intelligence company that delivers a cloud-based, unified platform for digital investigation, risk assessment, and threat monitoring.

BlazeGuard

BlazeGuard

At BlazeGuard, we understand that navigating the complex world of cybersecurity can be challenging. That’s why we make it our mission to simplify the process for you.

Tanzania Industrial Research and Development Organization (TIRDO)

Tanzania Industrial Research and Development Organization (TIRDO)

TIRDO is a multi-disciplinary research and development organization.

Cloud Native Computing Foundation (CNCF)

Cloud Native Computing Foundation (CNCF)

CNCF seeks to drive adoption of cloud native technologies by fostering and sustaining an ecosystem of open source, vendor-neutral projects.

Octane

Octane

Octane is an AI cybersecurity startup using machine learning to identify and fix vulnerabilities in blockchain codebases.