Categories: Security Tips

Beware of Conti Ransomware – A Possible Successor of Ryuk

According to the latest security news, researchers have identified a new ransomware family, Conti, which is believed to share traits with Ryuk.

First observed in December 2019, Conti ransomware targets corporate networks and is described as a more advanced and faster variant of the well-known Ryuk ransomware. Since its appearance, the malware has continued to spread.

Its modus operandi resembles that of other ransomware: it abuses enterprise network connections to obtain domain administrator credentials. Once it holds full administrative privileges, it encrypts and locks the data stored on the victim’s devices and holds it to ransom.

Underlying Connection Between Conti & Ryuk

Based on the analysis report by Vitali Kremez of SentinelLabs, Conti is a possible successor of the older Ryuk ransomware for the following reasons:

  • Conti ransomware is based on the code of the second version of Ryuk.
  • The ransom message used by Conti resembles the ones Ryuk used in its earlier attacks.
  • Both variants use the TrickBot infrastructure, which also hints at a link between the two. Over time, the decline in the number of Ryuk attacks has been matched by a rise in attacks carried out by Conti.

Interesting Facts About Conti Ransomware

  1. To start with, the ransomware stops all major Windows services associated with email, backup, security, and databases.
  2. It then deletes all Volume Shadow Copies and begins encrypting files.
  3. Encrypted files receive the “.Conti” extension, and a CONTI_README.txt file is dropped to display the ransom note.
  4. It locks individual files with AES-256, and that per-file encryption material is then protected in bundled form with an RSA-4096 public key.
  5. It takes two kinds of encryption arguments: “--encrypt_mode local” targets local drives, while “--encrypt_mode network” encrypts the entire network in one go.
  6. It can also encrypt a list of host IP addresses supplied with the “-h” argument.
  7. For faster encryption, Conti runs 32 encryption threads, which also makes the infected system slow and sluggish.
  8. It also abuses the Windows Restart Manager, which disrupts normal operation and prevents the encrypted files from being opened.
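The list above names artifacts a responder can look for: the “.Conti” extension, the CONTI_README.txt note, the shadow-copy deletion and the “--encrypt_mode” arguments. The following triage script is an added example written for this page, not code from the post or from any vendor; it sweeps a directory tree for the file-system indicators and scans process-creation log records for the command-line ones. The log records and the temporary file tree are constructed samples, and the shadow-copy patterns (vssadmin, wmic shadowcopy, Win32_ShadowCopy) are an assumption about common Windows tooling, since the post only says the copies are cleared without naming a command.

```python
"""Defender-side triage for the Conti indicators described in the post.

  1. sweep_tree():  count ".Conti" files and CONTI_README.txt notes per directory,
                    so responders can see the blast radius at a glance.
  2. scan_log():    flag process-creation records that delete shadow copies or
                    carry the "--encrypt_mode" argument named in the post.
All sample data below is constructed for the example.
"""
import os
import re
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".conti"          # the post's ".Conti"; matched case-insensitively
RANSOM_NOTE = "conti_readme.txt"  # the post's CONTI_README.txt

# Assumption: shadow-copy deletion via the usual Windows tooling. The post does
# not name the command Conti uses, so this is a generic ransomware indicator.
SHADOW_DELETE = re.compile(
    r"(vssadmin(\.exe)?\s+delete\s+shadows"
    r"|wmic(\.exe)?\s+shadowcopy\s+delete"
    r"|win32_shadowcopy.*delete)",
    re.IGNORECASE,
)
# Encryptor argument named in the post. The "-h" switch is deliberately not
# matched on its own: it is a help flag for countless legitimate tools.
CONTI_ARGS = re.compile(r"--encrypt_mode\s+(local|network)\b", re.IGNORECASE)


def sweep_tree(root):
    """Return {"encrypted": n, "notes": n, "dirs": {relative_dir: n_encrypted}}."""
    result = {"encrypted": 0, "notes": 0, "dirs": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            low = name.lower()
            if low.endswith(ENCRYPTED_EXT):
                result["encrypted"] += 1
                result["dirs"][os.path.relpath(dirpath, root)] += 1
            elif low == RANSOM_NOTE:
                result["notes"] += 1
    result["dirs"] = dict(result["dirs"])
    return result


def classify_command(cmdline):
    """Label one command line: 'shadow_delete', 'conti_args' or None."""
    if SHADOW_DELETE.search(cmdline):
        return "shadow_delete"
    if CONTI_ARGS.search(cmdline):
        return "conti_args"
    return None


def scan_log(lines):
    """lines: 'timestamp|host|user|commandline' records -> [(host, label, cmdline)]."""
    hits = []
    for line in lines:
        parts = line.split("|", 3)
        if len(parts) != 4:          # skip malformed records instead of crashing
            continue
        _ts, host, _user, cmd = parts
        label = classify_command(cmd)
        if label:
            hits.append((host, label, cmd))
    return hits


# Constructed sample records; the binary name and paths are placeholders.
SAMPLE_LOG = [
    "2020-07-09T10:01:02|FS01|svc_backup|C:\\Windows\\System32\\vssadmin.exe delete shadows /all /quiet",
    "2020-07-09T10:01:05|FS01|svc_backup|C:\\Users\\Public\\sample.exe --encrypt_mode network",
    "2020-07-09T10:01:09|WS17|jdoe|C:\\Users\\Public\\sample.exe --encrypt_mode local",
    "2020-07-09T10:02:00|WS17|jdoe|C:\\Windows\\System32\\notepad.exe C:\\Users\\jdoe\\notes.txt",
]


def build_sample_tree():
    """Create a constructed victim-like directory tree and return its root."""
    root = tempfile.mkdtemp(prefix="conti_triage_")
    layout = [
        "finance/q2.xlsx.Conti", "finance/CONTI_README.txt",
        "hr/payroll.docx.Conti", "hr/staff.csv.Conti", "hr/CONTI_README.txt",
        "public/readme.md",
    ]
    for rel in layout:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"")
    return root


if __name__ == "__main__":
    print(sweep_tree(build_sample_tree()))
    for host, label, cmd in scan_log(SAMPLE_LOG):
        print(f"{host}: {label}: {cmd}")
```

On a real incident the sweep would run against the affected shares and the log scan against exported process-creation events (Sysmon event 1 or Windows security event 4688); a single shadow-copy deletion from a backup service account is already worth an alert, and the per-directory counts tell responders which shares to isolate first.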

Distinguishing features: the RSA key used to encrypt a victim’s files is different for each victim, and the ransom note contains very few details.

Given how this malware operates, organizations must take all necessary steps to prevent it in the first place. Here are a few measures that security experts recommend.

Preventive and Safety Measures

  • Back up your systems regularly.
  • Protect your devices with a strong firewall and a security suite.
  • Avoid opening suspicious attachments and refrain from clicking on unknown links.
  • Keep your devices updated to patch security holes and benefit from improved protection.
  • Use an ad-blocker to stop malicious ads from being displayed on your device.
  • Always use a strong VPN connection.

Adrian
