BleepingComputer cybersecurity experts: The malware group submitted a ZIP archive with the decryptors to VirusTotal and now it plans to switch to cryptojacking.
CISA updates the Conti ransomware alerts. The cybersecurity experts add nearly 100 domains used in malicious operations, still active. Cybercrime actors steal and encrypt data, then exploit the double extortion scheme.
The Conti ransomware gang is using dozens of new domain names to hit its targets. For that reason, the US Cybersecurity and Infrastructure Security Agency (CISA) has updated the alert on the malware with indicators of compromise (IOCs), consisting of close to 100 domain names used in malicious operations. According to the researchers, Conti cyber threat actors remain active, and reported attacks against U.S. and international organizations have risen to more than 1,000. Notable attack vectors include Trickbot and Cobalt Strike. Threat actors often use the open-source Rclone command-line program for data exfiltration. After they steal and encrypt the victim’s sensitive data, they employ a double extortion technique: they demand that the victim pay a ransom for the release of the encrypted data and threaten to release the data publicly if the ransom is not paid.