TLP: White Report: 202203101700
March 10, 2022
Conti Ransomware (Update)
Executive Summary
Conti is a ransomware group that has aggressively targeted healthcare organizations since it was first observed in 2019. Conti ransomware attacks have targeted the healthcare industry, major corporations, and government agencies, particularly those in North America. In typical Conti ransomware attacks, the threat actor steals sensitive data from compromised networks, encrypts the targeted organizations’
servers and workstations, and threatens to publish the stolen data unless the target pays a ransom. Conti cyber threat actors remain active and reported Conti ransomware attacks against U.S. and international organizations have risen to more than 1000. Notable attack vectors include Trickbot and Cobalt Strike.
Report
Joint Cybersecurity Advisory (CISA, FBI, NSA, USSS): Alert (AA21-265A) Conti
https://www.cisa.gov/uscert/ncas/alerts/aa21-265a
Impact to HPH Sector
HC3 is aware of the Conti operators aggressively targeting healthcare and public health targets and fully expects this trend to continue. While there are no specific or credible cyber threats to the U.S. homeland currently, CISA, FBI, NSA, and the United States Secret Service encourage organizations to review the referenced report and apply the recommended mitigations.
CISA offers a range of no-cost cyber hygiene services to help organizations assess, identify, and reduce their exposure to threats, including ransomware. By requesting these services, organizations of any size could find ways to reduce their risk and mitigate attack vectors.
Read the full Alert at https://www.hhs.gov/sites/default/files/conti-update.pdf