ZDNet reports that the Conti ransomware gang has continued operations despite being made vulnerable by the recent leak of its communications and hiring practices, which came after the group expressed support for Russia's invasion of Ukraine.
Various initial access vectors have been leveraged by Conti, including Qakbot malware-laced phishing messages and attacks on unpatched Microsoft Exchange servers, as well as the exploitation of VPN and Log4j vulnerabilities and other publicly available exploits, according to an NCC Group report.
The Conti ransomware group has also persisted in exfiltrating substantial amounts of data and encrypting networks as it conducts double-extortion attacks. Continued use of such tactics should prompt organizations to ensure immediate patching of known security flaws.
The report also urged businesses to implement strong password policies and multi-factor authentication. Information security teams have additionally been advised to conduct network monitoring to promptly flag potentially suspicious activity and prevent ransomware attacks.