Conti has put Italian companies in the crosshairs of its ransomware

Azimut Benetti: the Tuscan yacht builder is the latest victim in Italy claimed by the Conti ransomware gang. On March 17 the group announced the breach of the Viareggio shipyard, which specializes in luxury ships and yachts up to 100 meters in length, as shown in a screenshot published on Twitter by cyber researcher Claudio Sono. Since the beginning of the year, Conti, one of the most active ransomware gangs on the net, has already targeted a number of small and medium-sized enterprises in Italy. Last year, almost a quarter of the victims of ransomware attacks in Italy observed by Palo Alto Networks, one of the main cybersecurity companies in the world, were attributable to Conti. We are talking about 24 companies, according to the data extracted for The sectors most affected are food, machinery manufacturing and professional services.

Conti's business

2021 was a golden year for Conti. Chainalysis, a company that analyzes the world of cryptocurrencies, estimates that the gang was the one that grossed the most profits: 180 million dollars extorted. According to Palo Alto Networks (the data is from the latest ransomware threat report, compiled by its Unit 42), Conti is responsible for the largest share of the attacks observed by its specialists in 2021: 15.5% globally. "It also published the names of 511 organizations on its Dark Web site, confirming itself as the most 'active' of all the groups identified", Unit 42 writes. In second place, with a share of 7.8%, is REvil, which shares with Conti its roots in Russia and the ransomware-as-a-service model: essentially, affiliates can use the ransomware developed by the gang in their attacks in return for a fee.

In Europe alone, according to the announcements that cybercriminals post online to extort money from victims, in 2021 Conti claimed the highest number of breaches among cybercriminal groups: 147. Second is Lockbit 2.0, a gang located in Eastern Europe, with 117 extortions. In Italy, Conti accounts for almost one in four of the 100 breaches observed by Unit 42 of Palo Alto Networks (fourth after the United Kingdom, France and Germany). Last year, the victims of its attacks were potato chip and snack maker San Carlo and toy company Clementoni. In September 2021 the Computer security incident response team (CSIRT), which operates within the newly formed National Cybersecurity Agency (Acn), issued a warning on the resurgence of the group's activities, in the wake of reports from the US authorities.

Palo Alto Networks considers Conti one of the most unscrupulous gangs. Its affiliates operate "without a code of honor": they attack hospitals and emergency services (the most serious case being the attack on the Irish Health Service in 2021, with damage estimated at 100 million euros) and, like others, they use the mechanism of double extortion. First they ask for a ransom to decrypt the exfiltrated data; then, if the negotiations stall, they demand money not to publicly disclose the information.

Support to Putin and the internal leak

On February 25, immediately after the beginning of the invasion of Ukraine by Russia, Conti published an announcement in which it sided with the Kremlin and threatened anyone who got in the way. A few hours later the message was corrected and toned down. The damage, however, was done. Although the gang has roots in Russia, it has branched out around the world, and a Ukrainian infiltrator responded to the pro-Moscow stance by publishing 13 months of inside information: 60,000 messages exchanged between members of the group, 150 bitcoin wallets, usernames, IP addresses.

As UK explains, it emerges that "the functioning of Conti resembles that of many companies in the world. The organization has several departments, from human resources to administration, from programmers to researchers. It has policies that guide cybercriminals in developing the code and shares best practices for avoiding law enforcement." Guerre di Rete observes that the mere fact that the role of human resources manager "is clearly defined and assigned is an important step forward for organizations of this type".

In 2021, according to Palo Alto, Conti greatly raised the bar of its extortion demands. The average is 1.78 million dollars, against a starting request of 118 thousand observed in 2020. The forecast for 2022 is that the ransomware industry will sharpen its weapons even more. For Palo Alto, the mechanisms of psychological pressure on victims will be exploited even more, through double extortion techniques and threats to the reputation of companies. Conti, according to what emerges from the chats viewed by UK, allegedly also had a journalist on the payroll to corner the victims.

The other risk factor is the ransomware-as-a-service business model, which lowers the level of technical skill needed to launch an attack and expands the range of breaches. For James Blake, technical manager for security for Europe, Africa and the Middle East at Rubrik, a security company, "this democratization raises the risk profile of ransomware to another level, also increasing the frequency component of the risk".
