03 Jun 2022

Costa Rica May Be Pawn in Conti Ransomware Group’s Bid to Rebrand, Evade Sanctions

Krebs on Security recently released a post discussing Costa Rica’s involvement in the Conti ransomware group’s larger plans for the future. Last week, Costa Rica’s national health service was hacked by a Russian ransomware group referred to as Hive, just weeks after the country entered a state of emergency in

17 May 2022

US Manufacturing Giant Parker Hit by Conti Ransomware Gang

Parker-Hannifin Corporation, a US manufacturing company, has confirmed that it was impacted by a data breach that has exposed employees’ personally identifiable information (PII). According to the firm, Conti ransomware actors published the stolen data last month after claiming responsibility for the attack. Parker-Hannifin is one of the largest motion

10 May 2022

Costa Rica in a State of Emergency: Is Conti Gang Cyber Attack a “Sphere of Influence” Shot Across the Bow?

As of yesterday, the day a new president took the helm in Costa Rica, a state of emergency has been declared in the country based on the impact of the cyber-attack by the Russia-affiliated Conti Ransomware Gang. Following is what the journalist trade calls a “tic-toc” of the incident – with a formative analysis of mitigation efforts, the impacts of the attack, and the ongoing impact of the state of emergency.

10 May 2022

The U.S. State Department Offers a $10 Million Bounty for Information about Conti Ransomware Gang Members

The Department of State is offering a reward of up to $10,000,000 for information leading to the identification and/or location of any individual(s) who hold a key leadership position in the Conti ransomware variant transnational organized crime group. In addition, the Department is also offering a reward of up to $5,000,000 for information leading to the arrest and/or conviction of any individual in any country conspiring to participate in or attempting to participate in a Conti variant ransomware incident.

06 Apr 2022

Conti gang is still in business, despite its own massive data leak

According to security researchers, the Conti ransomware gang is still actively conducting hacking campaigns against victims across the globe despite a major data leak that revealed much of the inner workings of the group. Conti was one of the most prolific ransomware groups of 2021, attacking hospitals, businesses, government agencies,

15 Mar 2022

Staff Think Conti Group Is a Legit Employer

After a week-long deep dive into data pertaining to the notorious Conti ransomware gang, BreachQuest has determined that the group’s members believe they are working for a legitimate company. Ukrainian gray-hat hacker ContiLeaks has been exposing information pertaining to the hacking group since late February, allowing researchers to comb over

02 Mar 2022

Full Log4Shell Attack Chain-Enabled Conti Ransomware Gang Supports Russia; Ukrainian Gang Member Retaliates

In early February, a cybercrime crackdown by Russian authorities included the arrest of members of the REvil gang. Overall, follow-up reports suggested a growing sentiment that the Russian authorities were out to optimize the appeasement value of the arrests to the U.S. We later suggested that the REvil Gang arrest was possibly a false flag operation. Our suggested scenario at the time: the Russians gave up the REvil Gang while still planning to lean on non-state actors for the plausible deniability of cyberwar operations. Our latter assumption has proven true. A few days ago, the Conti Gang announced their support for the Russian Government.

21 Dec 2021

Conti Ransomware Gang Has Full Log4Shell Attack Chain

According to new reports, the sophisticated Russia-based Conti ransomware group has become the first group to weaponize Log4j2 with a full attack chain. Last week, the group became the first professional cybercrime group to adopt the Log4Shell vulnerability and has since built up a holistic attack chain, according to researchers.

09 Aug 2021

Angry Affiliate Leaks Conti Ransomware Gang Playbook

An affiliate of the Conti Ransomware gang has allegedly leaked several pieces of sensitive information regarding the threat actor, such as IP addresses for Cobalt Strike C2 servers, training materials, and numerous tools. Together, the information reveals how the group conducts its malicious attacks. The individual released the information after

24 May 2021

FBI identifies 16 Conti ransomware attacks striking US healthcare, first responders

The Federal Bureau of Investigation (FBI) has identified at least 16 attacks linked to the Conti ransomware group. The agency stated that the attacks target healthcare and first responder organizations, aiming to disrupt their operations and networks. Targets include 911 dispatch carriers, law enforcement agencies, and emergency medical services. These
