FBI: 16 Conti Ransomware Attacks Targeted Healthcare, First Responders in U.S.
Security News, May 2021
The FBI says it has observed 16 Conti ransomware attacks that targeted healthcare and first responder networks in the United States over the past year.
First detailed in July 2020, Conti has grown to become a major threat, with more than 400 organizations worldwide being hit by the ransomware to date.
Conti operators steal victim data in addition to encrypting files on servers and workstations, threatening to release the stolen data to the public unless the ransom is paid.
U.S. healthcare organizations and first responders that Conti has hit since its emergence include 9-1-1 dispatch centers, emergency medical services, law enforcement agencies, and municipalities, the FBI reveals in a newly published alert.
A typical Conti attack starts with a malicious document dropping Cobalt Strike and Emotet, with the attackers dwelling in the victim's network between four days and three weeks on average before installing the ransomware.
The FBI also notes that the ransomware operators use remote access tools that communicate over ports 80, 443, 8080, and 8443, that they employ cloud-based data storage providers MegaNZ and pCloud for large HTTPS transfers, and that they disable endpoint detection systems.
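The transfer pattern described above can be hunted for in outbound proxy or firewall logs. The following is an added example, not code from the FBI alert or this article: it totals bytes uploaded per internal host to the two named storage providers on the listed ports. The log layout, the domain suffixes, and the 500 MiB threshold are assumptions, and the sample log is constructed.

```python
from collections import defaultdict

# Ports the alert lists for the operators' remote access tools.
ALERT_PORTS = {80, 443, 8080, 8443}
# Assumed domain suffixes for the two storage providers named in the alert.
STORAGE_SUFFIXES = ("mega.nz", "mega.co.nz", "pcloud.com")
# Assumed threshold: total bytes one host may upload within the log window.
UPLOAD_THRESHOLD = 500 * 1024 * 1024

# Constructed sample log: timestamp, source, destination host, port, bytes sent.
SAMPLE_LOG = """\
2021-05-20T01:12:03Z 10.0.4.17 up1.userstorage.mega.co.nz 443 314572800
2021-05-20T01:40:51Z 10.0.4.17 up2.userstorage.mega.co.nz 443 314572800
2021-05-20T09:02:10Z 10.0.4.22 api.pcloud.com 443 1048576
2021-05-20T09:05:44Z 10.0.4.30 mega.nz.example.net 443 900000000
2021-05-20T09:07:19Z 10.0.4.31 notpcloud.com 8443 900000000
2021-05-20T02:15:00Z 10.0.4.40 api.pcloud.com 8443 600000000
truncated line without enough fields
"""

def is_storage_host(host):
    """Match the provider domain or a subdomain, not lookalike names."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in STORAGE_SUFFIXES)

def parse(line):
    """Return (src, dst, port, bytes_sent), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    _, src, dst, port, sent = parts
    try:
        return src, dst, int(port), int(sent)
    except ValueError:
        return None

def flag_uploads(log_text, threshold=UPLOAD_THRESHOLD):
    """Map each internal host to its upload total if it meets the threshold."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        src, dst, port, sent = rec
        if port in ALERT_PORTS and is_storage_host(dst):
            totals[src] += sent
    return {src: n for src, n in totals.items() if n >= threshold}

if __name__ == "__main__":
    for src, sent in sorted(flag_uploads(SAMPLE_LOG).items()):
        print(f"{src} uploaded {sent / 2**20:.0f} MiB to cloud storage")
```

Summing per host matters because a large transfer is usually split across many connections, each of which looks unremarkable on its own.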