Ransomware: Conti gang is still in business, despite its own massive data leak

The Conti ransomware gang is still actively running campaigns against victims around the world, despite the inner workings of the group being revealed by data leaks. 

One of the most prolific ransomware groups of the last year, Conti has encrypted networks of hospitals, businesses, government agencies and more – in many cases, receiving a significant ransom payment in exchange for the decryption key. 

Many cybersecurity experts believe that Conti, like many of the notorious cyber criminal ransomware operations, runs out of Russia – and in February, members of Conti came out in support of the Russian invasion of Ukraine.

Shortly after that, the Conti leaks emerged, identifying individuals involved in the gang and posting daily chat logs, hiring practices and other inner workings of the outfit. But the public disclosure of behind-the-scenes operations at Conti doesn’t appear to have stopped the gang – cybersecurity researchers at NCC Group have detailed how cyber attacks have continued since the leaks.

The attackers use a number of initial access vectors to gain a foothold on networks, including phishing emails containing Qakbot trojan malware and exploiting vulnerable Microsoft Exchange Servers. Other techniques include the use of publicly available exploits, including vulnerabilities in VPN services and Log4J java

Read More: https://www.zdnet.com/article/ransomware-conti-gang-is-still-in-business-despite-its-own-massive-data-leak/#ftag=RSSbaffb68