Tag Archives: Conti

Reward for Conti Up To $15m

In May, we reported that the Department of State was offering a reward of up to $10M for information leading to the identification and/or location of any leaders of the Conti ransomware group, plus an additional $5M reward for information on anyone conspiring to take part in Conti attacks.

On 25 July, the Department of State increased the reward to $15M for information that could identify Conti members. The additional $5M reward for information that would allow the arrest of members still stands.

Conti has been involved in a large number of cyber attacks.

Wanted Conti!

Ransomware is a growing danger day by day, and unfortunately there is no permanent defence against these attacks. For now, the USA appears to be applying the most effective non-technical measure against ransomware attacks.

The Department of State is offering a reward of up to $10M for information leading to the identification and/or location of any leaders of the Conti ransomware group, plus an additional $5M reward for information on anyone conspiring to take part in Conti attacks. The statement was published on 6 May.

According to several reports, Conti's annual income is more than $150M, and the group appears to be based in Russia.

We think that offering rewards is an important measure against ransomware groups because, although many technical measures have been taken and discussed, the number of cases keeps increasing day by day. With this reward, Conti members are likely to be exposed within a few months. Time will tell whether such a measure works.

Conti CVEs Leaked

On 27 February, a member of the Conti threat group began leaking the group's internal data after Conti announced its full support for Russia against Ukraine. The leak is still ongoing via the “ContiLeaks” Twitter account.

The leak started with unencrypted chat messages between Conti members. On 1 March, the threat actor shared access information for several Conti storage servers, along with screenshots of the folders on those servers.

On 4 March, another Twitter account, @c3rb3ru5d3d53c, shared the vulnerabilities that Conti uses to compromise systems in the screenshot below.

Conti has harmed many organizations and continues to do so. In February alone, the group breached many organizations and managed to exfiltrate their data.

As the screenshot shows, the threat group relies on vulnerabilities that already have patches available rather than on very sophisticated techniques. This shows that even basic vulnerability management can prevent most of these attacks: scanning with free tools and patching the findings genuinely protects your systems. That is why this post from the @c3rb3ru5d3d53c Twitter account was so important to us: it demonstrates that very simple measures can prevent big problems.

Latest News about Russia & Ukraine Cyber War

Before Russian troops entered Ukraine, both the Ukrainian government and Ukrainian companies faced several cyber attacks. While these cyber attacks are expected to spread around the world, the attacks on Ukraine continue. A few days ago, according to Reuters, Ukraine asked hackers to help defend its cyber infrastructure. “The government of Ukraine is asking for volunteers from the country’s hacker underground to help protect critical infrastructure and conduct cyber spying missions against Russian troops, according to two people involved in the project,” Reuters reported. “Ukrainian cyber community! It’s time to get involved in the cyber defense of our country,” the post said.

While all this was happening, Anonymous, the international hacking collective, announced its support for Ukraine and declared war against Russia. After this statement, we saw several Russian government and company websites experience problems.

More recently, Ukraine’s Computer Emergency Response Team (CERT-UA) has warned of Belarusian state-sponsored hackers targeting its military personnel with a phishing campaign. “Mass phishing emails have recently been observed targeting private ‘i.ua’ and ‘meta.ua’ accounts of Ukrainian military personnel and related individuals. After the account is compromised, the attackers, by the IMAP protocol, get access to all the messages,” CERT-UA said.

Earlier, in November, Mandiant announced that it assessed with high confidence that UNC1151 has links to the Belarusian government. “UNC” is Mandiant’s designation for threat actors that are under investigation but have not yet been matched to an existing group. Ukraine now blames the UNC1151 group for these attacks.

“UNC1151 has targeted a wide variety of governmental and private sector entities, with a focus in Ukraine, Lithuania, Latvia, Poland, and Germany,” Mandiant researchers said in the report. “The targeting also includes Belarusian dissidents, media entities, and journalists.”

In another statement on the subject, the threat actors behind Conti ransomware posted a warning on Friday “officially announcing a full support of Russian government.” Previously, Mandiant had stated that “at least a portion of actors involved with Conti ransomware are based in Russia”. As in the past, it seems that the Russian government is taking advantage of their talents.

What is CONTI?

CONTI is a Windows ransomware family that has been in use in recent years. Later, a Linux version was also encountered. To date, many different individuals using this ransomware have been seen on Russian forums.