The Conti ransomware gang has been thriving days after a Ukrainian security researcher dubbed "ContiLeaks" exposed the Russia-based ransomware group's internal chats on February 27, reports CyberScoop.
"Conti is back and still operational and will pursue more targets. They're safe and sound," said AdvIntel CEO Vitali Kremez, who said that Conti was able to perform successful data breaches at two US-based firms by Monday.
Experts also noted that Conti, which was not completely disabled during the incident, took the first few days after the leaks to move its infrastructure to new systems.
While the leaks have prompted reduced activity from Conti, it remains uncertain whether the group was totally inactive, and the past few days have seen a return of botnet and command-and-control activity, said Recorded Future threat analyst Allan Liska.
Returning from significant disruptions is not uncommon among ransomware groups, according to Sophos Senior Security Adviser John Shier.
"Whenever one of these groups gets disrupted, the temptation is to celebrate a little bit, but there's always going to be that okay, well, what's next? Where are they going to pop up next, under what kind of new model potentially are they going to pop up? Because these groups can be fairly resilient," Shier said.