In May of this year, the FBI released an alert about the considerable increase in attacks carried out by the Conti Ransomware. Its operators use the RaaS (Ransomware as a Service) model, a way of outsourcing the spread of the ransomware that amplifies the number of attacks exponentially. They are also evolving this type of service: instead of paying collaborators just a commission, they pay a monthly fee, making them affiliates.
The FBI reported an increase of 400 attacks by CONTI Ransomware in the last month, targeting companies around the world, which prompted the FBI to release the alert.
Conti acts like all other ransomware: it locks files with encryption and demands payment of a ransom to release the data. In addition to blocking access, the operators threaten to leak the files if the ransom is not paid within the stipulated time.
According to the FBI, the main entry points this ransomware uses are:
- Spear phishing campaigns using personalised emails that contain malicious attachments or malicious links;
- Malicious attachments often contain embedded scripts that can be used to download or drop other malware, such as TrickBot and IcedID and/or Cobalt Strike, which supports the attack lifecycle with the ultimate goal of deploying the CONTI Ransomware;
- Weak or stolen Remote Desktop Protocol (RDP) credentials;
- Phone calls;
- Fake software promoted through search engine optimisation;
- Other malware distribution networks (e.g. ZLoader); and
- Common vulnerabilities in external assets.
The risk of an attack from this ransomware is real, so Digital Recovery strives to develop technologies capable of recovering files encrypted by ransomware of any extension.
Recover files encrypted by CONTI ransomware
The recovery of encrypted files is possible thanks to the Tracer, which is an exclusive technology from Digital Recovery. By doing thousands of calculations it can locate, repair, reconstruct and, thus, recover data without the need for a decryption key.
We know how delicate this situation is, so the entire process is handled in a completely discreet manner and in accordance with the GDPR (General Data Protection Regulation). We can also sign an NDA (Non-Disclosure Agreement) to guarantee that the case will not be disclosed.
Only a few companies around the world are capable of making this kind of recovery, which is why many say it is impossible, and in fact it was until a few years ago. But we never accepted this as an absolute truth; it was just another barrier to be overcome, and after all we were able to develop the solution. Since then, we’ve helped companies save more than US$ 20 million by not paying the ransom requested by cybercriminals.
If you have been attacked by Conti Ransomware, contact our experts and see what we can do for you.