Ransomware Group Finds New Way To Exploit Victims

THE AUTHOR

Keith Ward
October 29, 2021


In business, when one profit stream slows down and starts to dry up, other revenue streams have to be found. This is true even of ransomware, which is big business these days. That may be why the notorious group Conti is branching out into a potentially new area—selling data from victims to the highest bidder.

As first reported by the site KrebsOnSecurity, Conti has started advertising access to organizations it’s compromised. The KrebsOnSecurity article posted a screenshot of the “Conti News” site, with the name of the victim company obscured.

“We are looking for a buyer to access the network of this organization and sell data from their network,” reads the identical message beneath each victim’s name. It also lists a bit of information about the victim, for instance:

  • <obscured name> is the leading provider of fully integrated education and packaging solutions in the MENA region
  • <obscured name> is a world leading manufacturer of stainless steel storage and processing vessels…
  • <obscured name> Family-owned commercial printer

The postings could indicate that Conti is raking in less money through its regular methods of extortion. This is speculation, since no details of its finances are publicly available, but it is true that fewer companies are paying demanded ransoms these days. SC Media reported that one law firm that works with clients victimized by ransomware said that as recently as two years ago, more than half their clients paid a ransom. This year, less than 30% will.  

Shifting Ransomware Strategies

If that trend is more broadly seen in the industry, it may signal a shift in strategy, forcing criminals to be more creative in their extortion attempts.

(Editor’s Note: ActualTech Media has just published a book—Ransomware: Understand. Prevent. Recover.—with a wealth of information to help survive a ransomware attack.)

Conti is known in the industry as one of the less scrupulous ransomware groups. Even among cybercriminals, they will do what many others won’t, taking down such critical services as hospitals, 911 call centers, and law enforcement agencies.

In May 2021, Conti attacked Ireland’s entire healthcare system, forcing the shutdown of all its networks. Conti is also infamous for its “double ransom” methodology. In this type of attack, payment is demanded for two actions:

1) Providing a decryption key to recover locked files

2) Keeping the criminals from publicly posting private, sensitive information—credit card numbers, health details, social security numbers, and so on—stolen from the victim

What this means for organizations worried about ransomware is that it’s important to keep a close eye on trends in how the Bad Guys are operating. The types of attacks you see will continue to evolve, and will necessitate different types of defenses and reactions to attacks.
