BlackBerry ThreatVector Blog

BlackBerry Prevents Conti Ransomware

What Happened?

Conti ransomware has been in the news recently, attacking organizations around the world. Its operators, dubbed the “Conti Gang”, are yet another Ransomware-as-a-Service (RaaS) operation very similar to the recent DarkSide RaaS. They recruit attackers to deploy their ransomware in exchange for a share of the profits when victims pay. Like other ransomware gangs such as REvil, they employ double-extortion tactics whereby the malware first exfiltrates sensitive information before beginning the encryption process. To encourage the victim to pay the ransom in a timely manner, the attacker then threatens to publicly disclose or sell confidential stolen information on the dark web.

Conti ransomware has been out there for some time. First spotted in the wild in mid-2020, it even shares some code and methods with the Ryuk ransomware that continues to plague healthcare and other industries worldwide.

The Conti ransomware attack combines sophisticated attack techniques and human operators that attempt to breach the network and then spread laterally while attempting to gain administrative credentials. Once credentials are obtained, they can then deploy the ransomware, which is often the first visible sign that something is wrong.

Am I at Risk?

Ransomware gangs actively look for and prey on victims who are using legacy cybersecurity products. These solutions typically have a difficult time keeping up with modern sophisticated attacks due to their model of requiring a sample of the malware before being able to create signatures that guard against it.

Even when signatures get developed, it can then take hours or even days to get those signatures fully deployed within an enterprise network. A signature might be created to stop only a specific sample of ransomware – requiring only a slight modification of the file to render the signature unable to prevent the new malicious file from executing.

This time lag puts organizations that rely on these legacy antivirus products for protection at a higher risk than organizations using solutions that do not follow this model.

Even if a modern next-generation endpoint protection platform (EPP) solution is being used, do not expect that solution to be able to “restore” your data. Like many other ransomware gangs, Conti completely removes the volume shadow copy files on a system – making simple restoration impossible.
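Since restoration is not possible once the shadow copies are gone, the deletion itself is worth alerting on. The following is an added example, not code from BlackBerry or from this post: it matches process-creation command lines against well-known Windows ways of removing shadow copies. The rule set, the event field names, and the sample events are assumptions constructed for illustration.

```python
import re

# Command lines that delete shadow copies or shrink their storage. The post
# does not say which utility Conti invokes; this rule set is an assumption.
RULES = [
    ("vssadmin_delete", re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I)),
    ("vssadmin_resize", re.compile(r"\bvssadmin(\.exe)?\s+resize\s+shadowstorage\b", re.I)),
    ("wmic_delete", re.compile(r"\bwmic(\.exe)?\s.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("wmi_powershell", re.compile(
        r"win32_shadowcopy.*(\.delete\(\)|remove-wmiobject|remove-ciminstance)", re.I)),
]

# Constructed process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "ws-014", "parent": "update.exe",
     "cmdline": r'"C:\Windows\System32\vssadmin.exe"  Delete Shadows /All /Quiet'},
    {"host": "ws-014", "parent": "cmd.exe", "cmdline": "vssadmin list shadows"},
    {"host": "srv-02", "parent": "cmd.exe", "cmdline": "WMIC.exe shadowcopy delete"},
    {"host": "srv-02", "parent": "powershell.exe",
     "cmdline": "powershell -c \"Get-WmiObject Win32_ShadowCopy | % { $_.Delete() }\""},
    {"host": "bk-01", "parent": "services.exe", "cmdline": "wmic shadowcopy list brief"},
]


def normalize(cmdline):
    """Drop double quotes and collapse runs of whitespace before matching."""
    return " ".join(cmdline.replace('"', "").split())


def find_shadow_copy_deletions(events):
    """Return (host, rule, command line) for each event that matches a rule."""
    hits = []
    for event in events:
        cmd = normalize(event.get("cmdline", ""))
        for rule, pattern in RULES:
            if pattern.search(cmd):
                hits.append((event["host"], rule, cmd))
                break  # one hit per event is enough for triage
    return hits


def hosts_to_triage(events):
    """Hosts with at least one match, sorted for stable output."""
    return sorted({host for host, _, _ in find_shadow_copy_deletions(events)})


if __name__ == "__main__":
    for host, rule, cmd in find_shadow_copy_deletions(SAMPLE_EVENTS):
        print(f"{host}\t{rule}\t{cmd}")
```

Backup and imaging software can run the same commands legitimately, so a match is a triage signal to weigh against the parent process and host role rather than a verdict.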

Does BlackBerry Prevent Conti Ransomware?

Yes! BlackBerry has tested many variants of the Conti family and confirmed they were successfully prevented by the current version of BlackBerry® Protect. We prevented the execution of the files using our AI engine without any updates or Internet connectivity. In fact, many of the known variants were prevented with a version of BlackBerry Protect from 2015!

Check out our demo video below:

DEMO VIDEO: BlackBerry vs. Conti Ransomware

BlackBerry’s philosophy is different from much of the industry.

We do not believe that our customers should have to suffer the effects of cyber attacks. We do not believe that there need to be victims. We are here to protect the innocent.

EDR-focused solutions work too late and do not prevent breaches. Prevention is our strategy.

Prevention IS possible. Ask BlackBerry to show you how.

BlackBerry will continue to provide further updates as our investigation progresses and more details become available.

BlackBerry Assistance

If you’re battling this or a similar threat, you’ve come to the right place, regardless of your existing BlackBerry relationship.

The BlackBerry Incident Response team is made up of world-class consultants dedicated to handling response and containment services for a wide range of incidents, including ransomware and Advanced Persistent Threat (APT) cases.

We have a global consulting team standing by to assist you, providing around-the-clock support, where required, as well as local assistance. Please contact us here: https://www.blackberry.com/us/en/forms/cylance/handraiser/emergency-incident-response-containment

Brian Robison

About Brian Robison

Brian Robison is Chief Evangelist at BlackBerry. With over 20 years of cybersecurity experience, he focuses on educating and inspiring the world. Robison hosts live Hacking Exposed events and is a regular speaker at industry events including RSA, Black Hat, and thought leadership forums like ISC2 Think Tank.