Russian Cyber Crime Group Issues A Warning

Ukraine has been assaulted by denial-of-service (DDoS) attacks and other cyber intrusions in advance of the Russian invasion, and these are continuing. In response, the Ukrainian government has called for volunteers from the country’s hacker underground to help protect critical infrastructure and set up surveillance on Russian troop movements.

Now the Russian cyber crime group Conti, known for using ransomware to extort millions of dollars from US and European companies, has vowed to attack enemies of Russia if they respond to Russia’s invasion of Ukraine.

In a blog, the Conti group said it was announcing its “full support” for the government of President Vladimir Putin. On Thursday 24th February, the Russian military invaded neighbouring Ukraine from the north, east and south, in the biggest attack on a European state since World War Two. “If anybody will decide to organise a cyber attack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy,” the Conti blog post read. “As a response to Western war-mongering and American threats to use cyber warfare against the citizens of Russian Federation, the Conti Team is officially announcing that we will use our full capacity to deliver retaliatory measures in case the Western warmongers attempt to target critical infrastructure in Russia or any Russian-speaking region of the world. We do not ally with any government and we condemn the ongoing war.

“However, since the West is known to wage its wars primarily by targeting civilians, we will use our resources in order to strike back if the well being and safety of peaceful citizens will be at stake due to American cyber aggression,” says the blog.

First detected in 2019, Conti has since been blamed for ransomware attacks against numerous US and European companies. In those incidents, Conti hackers invaded networks and encrypted data, disrupting operations and demanding payment to restore access. Among the victims were the state government of Louisiana and a New Mexico hospital, according to analysis by Emsisoft.

Conti Ransomware Group

Conti was first detected in December 2019, followed by a number of apparently isolated incidents over the next few months, with activity increasing significantly in mid-June 2020. Conti typically functions as human-operated ransomware, with command-line capabilities that enable operators monitoring the target environment to directly control, spread and execute the ransomware.

This functionality gives attackers the ability to choose selectively whether to encrypt local files, network shares and/or specific IP addresses. Prior to encryption, Conti prepares the compromised system by deleting Windows Volume Shadow Copies and disabling 146 Windows services related to backup, security, database and email solutions.
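The pre-encryption behaviour described above (shadow copy deletion alongside a burst of service stops) can be hunted for in process-creation logs. The following is an added example, not code from the article or its sources; the log format, the command-line patterns, the five-minute window and the threshold of five services are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed command-line patterns: the article does not say which commands are used.
SHADOW_RE = re.compile(
    r"vssadmin(?:\.exe)?\s+delete\s+shadows|wmic(?:\.exe)?\s+shadowcopy\s+delete", re.I)
SERVICE_STOP_RE = re.compile(r'\b(?:net1?|sc)(?:\.exe)?\s+stop\s+"?([^"/]+)', re.I)

# Constructed process-creation events: ISO timestamp|host|command line.
SAMPLE = [
    "2022-02-25T10:00:01|FS01|net stop MSSQLSERVER /y",
    '2022-02-25T10:00:01|FS01|net stop "SQL Server Agent (MSSQLSERVER)" /y',
    "2022-02-25T10:00:02|FS01|net stop wbengine /y",
    "2022-02-25T10:00:02|FS01|sc stop VSS",
    "2022-02-25T10:00:03|FS01|net stop MSExchangeIS /y",
    "2022-02-25T10:00:03|FS01|net stop WinDefend /y",
    "2022-02-25T10:00:09|FS01|vssadmin.exe delete shadows /all /quiet",
    "2022-02-25T11:30:00|WS07|sc stop Spooler",
    "2022-02-25T11:30:20|WS07|vssadmin delete shadows /for=C: /oldest",
    "2022-02-25T02:00:00|DB02|net stop MSSQLSERVER",
    "2022-02-25T02:00:05|DB02|net stop SQLWriter",
]


def parse(line):
    ts, host, cmd = line.split("|", 2)
    return datetime.fromisoformat(ts), host, cmd.strip()


def detect(lines, window=timedelta(minutes=5), min_services=5):
    """Map host -> distinct services stopped near a shadow copy deletion,
    for hosts where that count reaches min_services inside the window."""
    shadow, stops = defaultdict(list), defaultdict(list)
    for ts, host, cmd in map(parse, lines):
        if SHADOW_RE.search(cmd):
            shadow[host].append(ts)
        m = SERVICE_STOP_RE.search(cmd)
        if m:
            stops[host].append((ts, m.group(1).strip().lower()))
    alerts = {}
    for host, times in shadow.items():
        for t in times:
            near = {svc for ts, svc in stops[host] if abs(ts - t) <= window}
            if len(near) >= min_services:
                alerts[host] = max(alerts.get(host, 0), len(near))
    return alerts


if __name__ == "__main__":
    print(detect(SAMPLE))
```

Requiring both signals on the same host keeps routine administration (a single shadow copy clean-up on WS07, a database restart on DB02) from raising an alert.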

While Conti is considered a ransomware-as-a-service (RaaS) business model, there is variation in its structure that differentiates it from a typical affiliate model. It is thought likely that Conti developers pay those affiliates who actually deploy the ransomware a wage rather than a percentage of the criminal proceeds from a successful attack.

Sources: ContiNews, Reuters, CISA, HSToday, Y Combinator, Jerusalem Post, Emsisoft
