FBI identifies 16 Conti ransomware attacks striking US healthcare, first responders
The Federal Bureau of Investigation (FBI) has identified at least 16 attacks linked to the Conti ransomware group. The agency stated that the attacks target healthcare and first responder organizations, aiming to disrupt their operations and networks. Targets include 911 dispatch carriers, law enforcement agencies, and emergency medical services. These entities have been attacked over the past year as they struggle to manage the Covid-19 pandemic. The FBI released a flash advisory last week claiming that Conti has been connected to 400 cyberattacks worldwide, 290 of which are located in the US.
Conti attackers use a popular tactic that aims to increase the chances of a payout: infiltrating a victim’s network, stealing confidential information, then launching ransomware to lock the network. If the ransom demands are not met, victim organizations risk the stolen data being published or sold on leak sites. The Conti ransomware group is a double-extortion criminal collective and operates its own leak sites, following in the footsteps of Sodinokibi, Nefilim, and Maze. To gain initial access to a network, Conti likely uses phishing campaigns, RDP, or previously stolen credentials. Members of the Conti group are known to call victims using single-use Voice Over Internet Protocol numbers and communicate through ProtonMail.