BleepingComputer reports that the Conti ransomware group has completed its shutdown with the dismantling of its two Tor servers for data leaks and ransomware negotiations.
Threat intelligence analyst Ido Cohen reported that Conti shut down its servers on Wednesday, and BleepingComputer confirmed that the servers remained offline yesterday. Conti has been dismantling its infrastructure since last month, following the exposure of its internal chats and ransomware encryptor source code, as its members transitioned to other ransomware groups, though one member was left behind to continue threatening Costa Rica.
"The only goal Conti had wanted to meet with this final attack was to use the platform as a tool of publicity, performing their own death and subsequent rebirth in the most plausible way it could have been conceived," said Advanced Intel in a report last month.
Despite Conti's apparent shutdown, Yelisey Boguslavskiy of Advanced Intel noted the syndicate's continued operation in smaller groups.
Operations of California's Solano Partner Libraries and St. Helena, or SPLASH, continue to be interrupted weeks after the county's library network was targeted by a ransomware attack earlier this month, StateScoop reports.
Threat actors could gain several rootkit-like capabilities, including file and process concealment and the ability to tamper with prefetch file analysis, by exploiting vulnerabilities in Windows' DOS-to-NT path conversion process, reports The Hacker News.
Open-source DevOps software project GitLab has also been affected by the same security issue in GitHub comments that threat actors have exploited, via URLs linked to Microsoft repositories, to distribute malware made to appear as though it originated from credible entities' official source code repositories, according to BleepingComputer.