Conti ransomware has been in the news recently, attacking organizations around the world. Its operators, dubbed the “Conti Gang”, run yet another Ransomware-as-a-Service (RaaS) operation, very similar to the recent DarkSide RaaS. They recruit attackers to deploy their ransomware in exchange for a share of the profits when victims pay. Like other ransomware gangs such as REvil, they employ double-extortion tactics: sensitive information is exfiltrated before the encryption process begins. To pressure the victim into paying the ransom quickly, the attacker then threatens to publicly disclose or sell the stolen confidential information on the dark web.
Conti ransomware has been out there for some time. First spotted in the wild in mid-2020, it even shares some code and methods with the Ryuk ransomware that continues to plague healthcare and other industries worldwide.
The Conti ransomware attack combines sophisticated attack techniques with human operators who breach the network, spread laterally, and work to obtain administrative credentials. Once they hold those credentials, they deploy the ransomware, which is often the first visible sign that something is wrong.
Am I at Risk?
Ransomware gangs actively look for and prey on victims who are using legacy cybersecurity products. These solutions typically have a difficult time keeping up with modern sophisticated attacks due to their model of requiring a sample of the malware before being able to create signatures that guard against it.
Even when signatures get developed, it can then take hours or even days to get those signatures fully deployed within an enterprise network. A signature might be created to stop only a specific sample of ransomware – requiring only a slight modification of the file to render the signature unable to prevent the new malicious file from executing.
This time lag puts organizations that rely on these legacy antivirus products for protection at a higher risk than organizations using solutions that do not follow this model.
Even if a modern next-generation endpoint protection platform (EPP) is in use, do not expect it to be able to “restore” your data. Like many other ransomware gangs, Conti deletes the volume shadow copies on a system, so restoring files from local snapshots is impossible; recovery depends on backups the attacker cannot reach from the compromised network.
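Because shadow copy deletion usually happens moments before encryption starts, it is one of the last detection opportunities before data is lost. The following is an added example, not code from the original post or from BlackBerry: it scans constructed, Sysmon-style process-creation events in an assumed flattened key=value format for the built-in Windows tools commonly abused to inhibit recovery (vssadmin, wmic, wbadmin, bcdedit, WMI from PowerShell), then escalates hosts where several different techniques fire together. The rules are generic MITRE ATT&CK T1490 indicators, not a Conti-specific signature, and the hostnames, users and timestamps are invented for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Built-in Windows tools commonly abused to destroy volume shadow copies and other
# recovery data (MITRE ATT&CK T1490, Inhibit System Recovery). Generic behavioural
# indicators rather than a signature for one sample: a trivially modified binary
# still has to run these commands to achieve the same effect.
RECOVERY_INHIBITION_RULES = [
    ("vssadmin_delete_shadows",
     re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("vssadmin_shrink_shadowstorage",
     re.compile(r"\bvssadmin(?:\.exe)?\b.*\bresize\s+shadowstorage\b.*\bmaxsize=", re.I)),
    ("wmic_shadowcopy_delete",
     re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("wbadmin_delete_catalog",
     re.compile(r"\bwbadmin(?:\.exe)?\b.*\bdelete\s+catalog\b", re.I)),
    ("powershell_win32_shadowcopy_delete",
     re.compile(r"win32_shadowcopy\b.*\.delete\(\)", re.I)),
    ("bcdedit_disable_recovery",
     re.compile(r"\bbcdedit(?:\.exe)?\b.*\b(?:recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b", re.I)),
]

# Constructed sample events (assumed format: timestamp followed by key=value pairs,
# roughly what a SIEM produces from a Sysmon Event ID 1 record). All values are
# made up for this example.
SAMPLE_EVENTS = [
    '2021-05-20T09:58:03Z host=WS01 user=CORP\\jdoe parent="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE" cmdline="cmd.exe /c whoami"',
    '2021-05-20T10:01:12Z host=WS01 user=CORP\\jdoe parent=C:\\Windows\\System32\\cmd.exe cmdline="vssadmin.exe delete shadows /all /quiet"',
    '2021-05-20T10:01:13Z host=WS01 user=CORP\\jdoe parent=C:\\Windows\\System32\\cmd.exe cmdline="wmic.exe shadowcopy delete"',
    '2021-05-20T10:01:14Z host=WS01 user=CORP\\jdoe parent=C:\\Windows\\System32\\cmd.exe cmdline="bcdedit.exe /set {default} recoveryenabled No"',
    '2021-05-20T10:05:40Z host=SRV-BACKUP user="NT AUTHORITY\\SYSTEM" parent="C:\\Program Files\\BackupAgent\\agent.exe" cmdline="vssadmin.exe list shadows"',
    '2021-05-20T10:07:01Z host=SRV-BACKUP user="NT AUTHORITY\\SYSTEM" parent="C:\\Program Files\\BackupAgent\\agent.exe" cmdline="vssadmin.exe delete shadows /for=D: /oldest"',
]

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Split a flattened event into a dict; the leading token is the timestamp."""
    ts, _, rest = line.partition(" ")
    fields = {"ts": ts}
    for key, value in FIELD_RE.findall(rest):
        fields[key] = value.strip('"')
    return fields


@dataclass(frozen=True)
class Alert:
    ts: str
    host: str
    rule: str
    cmdline: str


def match_rules(cmdline):
    """Names of every rule whose pattern appears in the command line."""
    return [name for name, pattern in RECOVERY_INHIBITION_RULES if pattern.search(cmdline)]


def detect(lines):
    """One Alert per (event, rule) pair; events with no match are dropped."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        cmdline = ev.get("cmdline", "")
        for rule in match_rules(cmdline):
            alerts.append(Alert(ev["ts"], ev.get("host", "?"), rule, cmdline))
    return alerts


def triage(alerts, min_distinct_rules=2):
    """Rate each alerting host.

    A single vssadmin invocation is routine on a backup server, so it only gets
    'review'. Several *different* recovery-inhibition techniques on one host is
    the combination ransomware typically runs immediately before encrypting and
    is rated 'high'. Tune min_distinct_rules and add parent-process allowlists
    against your own baseline before deploying.
    """
    rules_by_host = defaultdict(set)
    for alert in alerts:
        rules_by_host[alert.host].add(alert.rule)
    return {host: ("high" if len(rules) >= min_distinct_rules else "review")
            for host, rules in rules_by_host.items()}


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for alert in found:
        print(f"{alert.ts} {alert.host:<11} {alert.rule:<36} {alert.cmdline}")
    print(triage(found))
```

Running the block prints four alerts and rates WS01 as high (three distinct techniques in two seconds from a cmd.exe spawned under an Office document) while the backup server, which only ever deletes its oldest shadow copy, stays at review. The point of the second stage is that the individual commands are not malicious on their own; the detection value lies in the combination, and in the fact that it fires before any files are encrypted.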
Does BlackBerry Prevent Conti Ransomware?
Yes! BlackBerry has tested many variants of the Conti family and confirmed they were successfully prevented by the current version of BlackBerry® Protect. We prevented the execution of the files using our AI engine without any updates or Internet connectivity. In fact, many of the known variants were prevented with a version of BlackBerry Protect from 2015!
Check out our demo video below: