On September 22, 2021, the Federal Bureau of Investigations (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) issued a cybersecurity advisory alerting companies to the threat of Conti ransomware.
According to the advisory, CISA and the FBI are aware of more than 400 attacks of Conti ransomware against both U.S. and international organizations. Conti attacks include exfiltrating files, encrypting servers and workstations, and demanding a ransom to return the stolen files.
Conti is considered a ransomware-as-a-service model which has “historically targeted critical infrastructure.” Conti uses techniques to attack organizations, including “spearphishing campaigns, remote monitoring and management software, the ‘PrintNightmare’ vulnerability, and remote desktop software.”
The Conti Ransomware advisory provides tips for organizations to help them prevent an attack, such as employing multi-factor authentication, implementing network segmentation, filter traffic, scanning, removing unnecessary applications and applying controls, implementing endpoint and detection response tools, restricting remote desktop protocol access, and securing user accounts.
The advisory can be accessed here.