Joint Cybersecurity Advisory TLP White: Update Conti Ransomware - March 9, 2022

Conti Ransomware

SUMMARY

March 9, 2022: this joint CSA was updated to include indicators of compromise (see below) and the United States Secret Service as a co-author.

Updated February 28, 2022:

Conti cyber threat actors remain active, and reported Conti ransomware attacks against U.S. and international organizations have risen to more than 1000. Notable attack vectors include Trickbot and Cobalt Strike (see below for details).

While there are no specific or credible cyber threats to the U.S. homeland at this time, CISA, FBI, NSA, and the United States Secret Service (USSS) encourage organizations to review this advisory and apply the recommended mitigations.

(end of update)

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed the increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations. (See FBI Flash: Conti Ransomware Attacks Impact Healthcare and First Responder Networks.) In typical Conti ransomware attacks, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment.

To secure systems against Conti ransomware, CISA, FBI, and the National Security Agency (NSA) recommend implementing the mitigation measures described in this Advisory, which include requiring multifactor authentication (MFA), implementing network segmentation, and keeping operating systems and software up to date.

Indicators of compromise (IOCs) are available in STIX format.

Note: This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques.

Immediate Actions You Can Take Now to Protect Against Conti Ransomware

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272