BleepingComputer reports that more than 40 companies around the world have been compromised by Conti ransomware affiliates in the ARMattack campaign from Nov. 17 to Dec. 20, 2021, making it one of the group's "most productive" hacking campaigns.
U.S.-based companies were the most impacted by the ARMattack hacking spree, and in their shortest successful attack the attackers spent only three days between obtaining initial access and encrypting systems, a report from Group-IB revealed.
"After gaining access to a company's infrastructure, the threat actors exfiltrate specific documents (most often to determine what organization they are dealing with) and look for files containing passwords (both plaintext and encrypted). Lastly, after acquiring all the necessary privileges and gaining access to all the devices they are interested in, the hackers deploy ransomware to all the devices and run it," said researchers.
The report also noted that Conti had been operating from around noon until 9 p.m., with affiliates continuously tracking Windows updates and new patch changes, as well as identifying zero-day flaws.
Despite the takedown of the Conti brand in May following the disclosure of its source code and chat messages, Conti has remained the second most active ransomware group in the first quarter and has entered collaborations with smaller ransomware groups.
Numerous fraudulent websites masquerading as legitimate software, including ChatGPT, Gimp, AstraChat, and Go To Meeting, have been used in a new RomCom malware campaign by Cuba ransomware affiliate Void Rabisu, also known as Tropical Scorpius, from December 2022 to April 2023, which was mostly targeted at Eastern Europe, according to BleepingComputer.
Over 8.9M impacted by MCNA Dental ransomware attack

Major government-sponsored dental insurance provider Managed Care of North America Dental has disclosed being impacted by a cyberattack compromising personal and health information from more than 8.92 million individuals, including patients, parents, guardians, and guarantors, according to BleepingComputer.