{"id":7527,"date":"2021-07-07T20:13:45","date_gmt":"2021-07-08T03:13:45","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=7527"},"modified":"2023-04-05T12:39:12","modified_gmt":"2023-04-05T19:39:12","slug":"is-conti-ransomware-on-a-roll","status":"publish","type":"post","link":"https:\/\/webdev.securin.xyz\/articles\/is-conti-ransomware-on-a-roll\/","title":{"rendered":"Is Conti Ransomware on a Roll?"},"content":{"rendered":"

{Update\u00a0September 2021}:\u00a0<\/strong>The Conti group, which started trending early this year, is still going strong. In a newly disclosed data breach dating from June 2021, SAC Wireless, a US-based Nokia subsidiary, reported 250 GB of data stolen and its systems encrypted.<\/p>\n


{Update August 2021}: <\/strong>In early August 2021, a disgruntled Conti RaaS affiliate leaked some of the gang\u2019s core training material because he was unhappy with his cut from a ransomware attack. The publicly available data includes Cobalt Strike C2 IP addresses, the group\u2019s attack tooling and its training manuals, which gives organizations all the more reason to watch for every attack vector the Conti group is known to weaponize.<\/p>\n


The Conti group is associated with three vulnerabilities. Had these been given precedence in CVE patching priority, the series of Conti attacks could have been avoided.<\/strong><\/p>\n

CVE-2020-0796 and CVE-2018-13379 were already flagged as ransomware-associated in CSW\u2019s Ransomware Reports published in February and May 2021.<\/p><\/blockquote>\n
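Since the article\u2019s argument rests on patch prioritization, here is an added example (not from the original article or from CSW) of the kind of check a defender can run to confirm that a Windows host is actually closed against one of the three CVEs, CVE-2020-0796. It relies on a few facts about that CVE which this page does not state: the affected builds, the update that fixed it and Microsoft\u2019s documented registry workaround; the function name and output fields are the example\u2019s own.<\/p>\n

```powershell
# Added example, not from the original article: check a Windows host for
# exposure to CVE-2020-0796 (SMBv3 compression, "SMBGhost").
# Assumed facts about the CVE (not stated on this page): only Windows 10 /
# Server versions 1903 (build 18362) and 1909 (build 18363) carry the
# vulnerable code; the fix shipped in KB4551762 (OS builds 18362.720 and
# 18363.720); Microsoft's documented workaround (ADV200005) is the
# DisableCompression = 1 value on the LanmanServer service.
# Run in an elevated PowerShell session on the host being checked.

function Test-SmbGhostExposure {
    $cv    = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber   # e.g. 18363
    $ubr   = [int]$cv.UBR                  # update build revision, e.g. 720

    $result = [ordered]@{
        Build      = "$build.$ubr"
        Affected   = $build -in @(18362, 18363)
        Patched    = $false
        Workaround = $false
        Exposed    = $false
    }
    if (-not $result.Affected) { return [pscustomobject]$result }

    # Security updates are cumulative, so any revision >= 720 on an affected
    # build includes the fix. Checking UBR instead of Get-HotFix -Id KB4551762
    # avoids a false negative on hosts where a later cumulative update has
    # superseded that KB and it no longer appears in the hotfix list.
    $result.Patched = $ubr -ge 720

    $params = Get-ItemProperty `
        -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
        -Name DisableCompression -ErrorAction SilentlyContinue
    $result.Workaround = ($null -ne $params) -and ([int]$params.DisableCompression -eq 1)

    $result.Exposed = -not ($result.Patched -or $result.Workaround)
    return [pscustomobject]$result
}

$r = Test-SmbGhostExposure
$r | Format-List
if ($r.Exposed) {
    Write-Warning 'Host is exposed to CVE-2020-0796. Install KB4551762 (or any later cumulative update),'
    Write-Warning 'or apply the documented workaround until you can:'
    Write-Host '  Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters -Name DisableCompression -Type DWORD -Value 1 -Force'
}
```

The workaround only protects the SMB server side; an unpatched host can still be attacked as an SMB client by connecting to a malicious server, so the registry value buys time but the cumulative update is the actual fix. The same pattern, OS build plus mitigating setting, is the check worth automating across the fleet before trusting a scanner\u2019s verdict on any of the CVEs the Conti group is known to use.<\/p>\n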

Let us look at the recent incidents in which the Conti group has been involved.<\/p>\n

\"Conti<\/p>\n

The attack on Ireland\u2019s Health Service Executive (HSE) shook the healthcare sector, coming close on the heels of the Colonial Pipeline attack on the oil industry; IT systems had to be shut down, disrupting the delivery of routine health services. Exagrid paid a $2.6M ransom, 50.75 Bitcoins, for a decryption tool and to prevent its data from being leaked. In the last week of June 2021, Conti claimed responsibility for an attack on the city of Tulsa in early May, leaking over 18,000 city files on the Dark Web. Three Canadian companies – an Internet provider and an engineering firm, both from Ontario, and a Quebec-based insurance broker – have also fallen victim to the group, according to Conti\u2019s leak site.<\/p>\n

Conti – A Cheat Sheet<\/strong><\/h2>\n

We analyzed the three CVEs exploited by the Conti group – CVE-2020-0796, CVE-2018-13374 and CVE-2018-13379 – and here is our analysis of them –<\/p>\n