Security News > 2021 > September > Translated Conti ransomware playbook gives insight into attacks
Almost a month after a disgruntled Conti affiliate leaked the gang's attack playbook, security researchers shared a translated variant that clarifies any misinterpretation caused by automated translation.
The material provides information about the gang's attack methods and shows the thoroughness of the instructions, which allow less-skilled actors to become Conti ransomware affiliates and hit valuable targets.
The attack scenarios described in the documents were so thorough that "Even amateur adversaries [could] carry out destructive ransomware attacks," the researchers say.
The leak from the angry Conti affiliate also includes video tutorials, mostly in Russian, that explain how to use PowerShell for pen-testing, how to attack Active Directory, and how to leverage SQL Server in a Windows domain.
Cisco Talos researchers believe that the translated version of the leaked Conti documentation will help other researchers better understand the tactics, techniques, and procedures of this threat actor as well as others that may be inspired by the documentation.
The researchers provide translated individual texts in a ZIP archive as well as a PDF file.