The Conti ransomware group on Friday announced its support of the Russian government in its invasion of Ukraine, as cybersecurity officials in the United States took to Twitter to warn organizations to brace for potential retaliation.
The cybercrime gang posted the message to its site on the dark web along with the threat to retaliate against anyone targeting the Russian government in a cyberattack or "war activities" by targeting critical infrastructure.
Chris Krebs, the former director of the U.S. Cybersecurity and Infrastructure Agency who is now a partner at the Krebs Stamos Group, tweeted that the Conti gang may have answered the question of whether the group was aligned with the Russian government.
The current director of CISA, Jen Easterly, joined Krebs in tweeting the hashtag "#ShieldsUp" on Friday, along with a link to an SC Media commentary urging critical infrastructure leaders to heed the agency's alert to take steps to protect themselves against ransomware. The banner image of Easterly's account also features the colors of the Ukrainian flag.
Conti's ransomware has been observed since 2020 and has used ProxyShell vulnerabilities in Microsoft Exchange to conduct the extortion attacks.
Russian forces invaded Thursday after weeks of building up their troops along the border with Ukraine. The invasion was preceded by cyberattacks against Ukrainian organizations. Cybersecurity firms observed a new type of wiper malware in those initial attacks, theorizing that ransomware was used as a decoy to deploy the malware.
U.S. President Joe Biden and Western governments levied economic sanctions against Russia. In a televised address Thursday, Biden said the U.S. was prepared to respond to cyberattacks against its critical infrastructure. While Biden did not elaborate on what that response might be, NBC News reported that Biden was presented with options that included cyberattacks against Russia's military operations in Ukraine.