Ransomware is malware that infects a computer system, encrypts the files on it and then demands a ransom payment in exchange for the key needed to unlock them.
The criminals typically target larger companies, but it can happen to anyone, including private citizens.
The criminal organisers behind Conti have created a paid service: affiliate criminals are given access to the malware and the means of attack, while the Conti operators run the ransomware leak site and handle the extortion.
Conti is therefore a set of tools that makes it easy for other criminals to run these extortion operations at scale.
An infection is easily identified, because during the encryption process every encrypted file is given a “.conti” file extension.
Once the encryption has completed, a file named conti.txt is left on the desktop of each affected computer.
The message states that the files have been encrypted and that payment is required to release them. It also warns users that they must not try to decrypt the files themselves.
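As an added illustration (this is not code from the original post or from any Conti-related project), here is a small Python triage script that sweeps a directory tree for the two indicators described above: files carrying the “.conti” extension and a ransom note named conti.txt. The indicator names are taken from the post; the sample directory the script builds is constructed test data, and because real samples are not consistently cased the match is case-insensitive.

```python
import os
import tempfile
from pathlib import Path

# Indicators as described in the post (real samples may differ in letter case).
RANSOM_EXTENSION = ".conti"
RANSOM_NOTE_NAME = "conti.txt"


def scan_for_conti_indicators(root):
    """Walk `root` and return (encrypted_files, ransom_notes, untouched_files).

    Matching is case-insensitive because the extension and note name seen
    in the wild are not consistently cased.
    """
    encrypted, notes, untouched = [], [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = str(Path(dirpath, name))
            lower = name.lower()
            if lower.endswith(RANSOM_EXTENSION):
                encrypted.append(path)
            elif lower == RANSOM_NOTE_NAME:
                notes.append(path)
            else:
                untouched.append(path)
    return sorted(encrypted), sorted(notes), sorted(untouched)


def triage_summary(root):
    """Return a dict a responder can act on: counts, the directories that were hit,
    and the original file names recoverable by stripping the appended extension."""
    encrypted, notes, untouched = scan_for_conti_indicators(root)
    affected_dirs = sorted({str(Path(p).parent) for p in encrypted})
    originals = sorted(Path(p).name[: -len(RANSOM_EXTENSION)] for p in encrypted)
    total = len(encrypted) + len(untouched)  # ransom notes are not user data
    return {
        "encrypted_count": len(encrypted),
        "note_count": len(notes),
        "untouched_count": len(untouched),
        "affected_directories": affected_dirs,
        "original_names": originals,
        "encrypted_ratio": (len(encrypted) / total) if total else 0.0,
    }


def build_sample_tree():
    """Construct a throwaway directory that mimics a partly encrypted user profile.
    This is constructed sample data, not a real infection."""
    root = Path(tempfile.mkdtemp(prefix="conti_demo_"))
    (root / "Desktop").mkdir()
    (root / "Documents").mkdir()
    (root / "Documents" / "report.docx.CONTI").write_bytes(b"\x00" * 32)
    (root / "Documents" / "budget.xlsx.conti").write_bytes(b"\x00" * 32)
    (root / "Documents" / "notes.txt").write_text("not touched by the malware\n")
    (root / "Desktop" / "conti.txt").write_text(
        "Your files have been encrypted. Do not try to decrypt them yourself.\n"
    )
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for key, value in triage_summary(sample_root).items():
        print(f"{key}: {value}")
```

Point `triage_summary` at a mounted copy of a suspect volume rather than the live system; the ratio of encrypted to untouched files tells you whether encryption was interrupted, and the recovered original names give you the list to restore from backup.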
If the victim pays, the decryption key is sometimes provided; at other times nothing further is heard from the criminals, and the victim is left without their files.
If organisations and individuals follow best practice and keep copies of their important files elsewhere, getting their data back may be no more than an inconvenience. If there are no other copies, the loss can be severe, and it can lead to customers losing trust and taking their business elsewhere.
More recently, Conti has also moved to the use of leak sites.
In these cases Conti begins publishing the victim’s documents publicly, choosing anything that could be damaging to them.
Recently, Conti added the Scottish Environment Protection Agency (SEPA) to its list of victims and published various documents taken from SEPA.
The Conti malware typically gets into a victim’s computers when someone opens a malicious document, such as a PDF, attached to an email. The malware then spreads through the organisation’s network and starts to encrypt data.
All organisations and users must back up their important documents and data, as that is the safest way to limit the damage from such an attack. Backups that stay connected to the infected network can be encrypted along with everything else, so at least one copy should be kept offline or otherwise out of reach of the compromised systems, and restoring from it should be tested before it is needed.
If you have any experience of these scams, do let me know by email.