Dark Reading
A leak of a purported tutorial from the Conti ransomware gang for turning compromised machines into ransomware beachheads provides a rare look inside the operations of a popular cybercriminal syndicate and highlights the tenuous relationships between groups in the cybercriminal ecosystem.
Threat experts at Cisco Talos this week provided a full English translation of the playbook, which came to light last month, allegedly after a disgruntled “affiliate” leaked the location of the server controlling compromised machines and more than 100MB of tools and documents. The playbook focuses on a number of popular tools — such as Cobalt Strike, Mimikatz, and PowerShell — and tells affiliates (low-level cybercriminals who infect systems for a cut of the profits) how to find exploits for common vulnerabilities.
Overall, the playbook gives an insight into the operations of a well-organized ransomware group, from searching for company revenue to methods of exfiltrating data, says Nick Biasini, global lead for outreach at Cisco
The post Translated Ransomware Playbook Gives Rare Insight into Gang's Operation first appeared on Dark Reading.