HC3-TLP White: Conti Ransomware Amplify Alert September 30, 2021

Executive Summary

Conti is a ransomware group that has aggressively targeted healthcare organizations since it was first observed in 2019. Conti ransomware attacks have targeted healthcare industry, major corporations and government agencies, particularly those in North America. During this type of cyber-attack, the threat actor steals sensitive data from compromised networks, encrypts the targeted organizations’ servers and workstations, and threatens to publish the stolen data unless the target pays a ransom.

Report

Joint Cybersecurity Advisory (CISA, FBI, NSA): Conti Ransomware
https://us-cert.cisa.gov/sites/default/files/publications/AA21-265A-Conti_Ransomware_TLP_WHITE.pdf

Impact to HPH Sector

According to their Joint Cybersecurity Advisory, CISA and the FBI have observed the increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations. This impacts the HPH sector because at least 16 Conti ransomware attacks have been identified targeting US healthcare industry, first responder networks, emergency medical services, 9-1-1 dispatch centers, law enforcement agencies, and municipalities.

HC3 is aware of the Conti operators aggressively targeting healthcare and public health targets and fully expects this trend to continue. To secure systems against Conti ransomware, CISA/NSA/FBI recommends implementing mitigations from their Joint Cybersecurity Advisory.

References

CISA: Alert (AA21-265A) Conti Ransomware
https://us-cert.cisa.gov/ncas/alerts/aa21-265a

FBI FLASH: Conti Ransomware Attacks Impact Healthcare and First Responder Networks
https://www.cisa.gov/sites/default/files/Conti%20Ransomware%20Heathcare%20networks.pdf

Joint Cybersecurity Advisory(CISA, FBI, NSA): Conti Ransomware
https://us-cert.cisa.gov/sites/default/files/publications/AA21-265A-Conti_Ransomware_TLP_WHITE.pdf

Contact Information

If you have any additional questions, please contact us at HC3@hhs.gov.

View the entire report below.