24 May 2022

Conti Ransomware Operation Shut Down After Brand Becomes Toxic

The Conti ransomware operation has undergone some significant organizational structure changes in the past months after the brand became toxic due to its affiliation with the Russian government. The Conti operation has been highly successful, helping cybercriminals make billions of dollars after breaching the systems of hundreds of major organizations. While

10 May 2022

Costa Rica in a State of Emergency: Is Conti Gang Cyber Attack a “Sphere of Influence” Shot Across the Bow?

Yesterday, on the day when a new president took the helm in Costa Rica, a state of emergency was declared in the country based on the impact of a cyber-attack by the Russia-affiliated Conti Ransomware Gang. Following is what the journalist trade calls a “tic-toc” of the incident – with a formative analysis of mitigation efforts and impacts of the attack and ongoing impact of the state of emergency.

09 May 2022

Costa Rica declares national emergency after Conti ransomware attacks

The Costa Rican President Rodrigo Chaves has declared a national emergency following cyber attacks from the Conti ransomware group on multiple government bodies. BleepingComputer also observed that Conti published most of the 672 GB dump that appears to contain data belonging to the Costa Rican government agencies. The declaration was signed into

11 Apr 2022

Infamous Conti Ransomware Gang Strikes Snap-On Tools

Last month, the Conti ransomware gang added Snap-On Tools, a Wisconsin-based company, to its data leak website. Recently, Conti posted roughly 1 GB of files claimed to have been stolen during a breach against Snap-On Tools. Snap-On has not officially confirmed the source of the cyberattack and subsequent data breach,

06 Apr 2022

The Critical Infrastructure Defense Project: Free, Premium Cybersecurity Services Available to Hospitals and Utilities

As Western companies continue to break ties with the Russian State (as an extension of the sanctions imposed on Russia by the U.S. and NATO), three U.S. cybersecurity companies are addressing the ongoing threat of potential cyber-attacks in the U.S. by making their platforms available to critical infrastructure entities, including the energy and healthcare sectors. CrowdStrike (endpoint protection), Ping Identity (two-factor authentication), and Cloudflare (DDoS attack protection, amongst other tools) are making their services available for free to high-risk, critical infrastructure such as utilities and hospitals.

21 Mar 2022

Ukrainian Security Researcher Leaks Newer Conti Ransomware Source Code

Shortly after Russia launched its invasion of Ukraine, the notorious Conti ransomware group issued a statement warning that it was prepared to hit the critical infrastructure of Russia’s enemies in retaliation for potential attacks on Russia. In response, an anonymous individual set up a Twitter account named “Conti Leaks” and started

07 Mar 2022

Russia Leaks Data From a Thousand Cuts–Podcast

Information about Russian military operations, air force capabilities, nuclear plants, and ransomware gangs has emerged on the internet. Now that Russia and Ukraine are engaging in physical conflicts, Russia’s cyber sphere has become a war zone itself. Vinny Troia, founder of ShadowByte, states that the world has been primarily focused

02 Mar 2022

Full Log4Shell Attack Chain-Enabled Conti Ransomware Gang Supports Russia; Ukrainian Gang Member Retaliates

In early February, a cybercrime crackdown by Russian authorities included the arrest of members of the REvil gang. Overall, follow-up reports suggested a growing sentiment that the Russian authorities were out to optimize the appeasement value to the U.S. of the arrests. We later suggested that the REvil Gang arrest was possibly a false flag operation. Our suggested scenario at the time: The Russians gave up the REvil Gang while still planning to lean on non-state actors for the plausible deniability of cyberwar operations. Our latter assumption has proven true. A few days ago, the Conti Gang announced their support for the Russian Government.

01 Mar 2022

Healthcare Org Hit By Two Ransomware Gangs At Once

Security experts at Sophos have reported a recent scenario in which two competing threat groups deployed ransomware on the victim’s network simultaneously. One of the groups was the Russia-linked Conti APT while the other is known as Karma. Karma counts Russian IP addresses among some of its top targets. The
