CISA and the FBI Publish Second Alert on the Conti Ransomware Group

By Bill Toulas / September 23, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) were forced to publish their second alert about the Conti ransomware group in less than six months, as the activities of the particular group of actors are on the rise again. As the alert details, the agencies have observed the deployment of Conti’s file encryption malware in more than 400 attacks on U.S. and international organizations, with a significant percentage of those resulting in a success for the hackers.

Image: TechNadu

The alert explains that Conti has various ways to break into target networks, as the RaaS is used by many affiliates who follow different tactics. Here are the most common ones that have been spotted in the wild:

The vulnerabilities that Conti actors have been exploiting lately are mainly the “Zerologon” flaw (CVE-2020-1472) in Microsoft Active Directory Domain Controller systems, the “PrintNightmare” flaw (CVE-2021-34527) in the Windows Print spooler service, and 2017 Microsoft Windows Server Message Block 1.0 server vulnerabilities. Patching these would shut the door to the actors, but CISA provides additional advice on top of that.

That would include using multi-factor authentication wherever possible, implementing network segmentation and filtering network traffic, scanning for flaws and applying updates as soon as possible, and removing unused user accounts and unnecessary applications. Finally, endpoint detection and response tools are considered a necessity today.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: