Conti Ransomware Expands Ability to Blow Up Backups
2021-09-29 15:43

Good at identifying and obliterating backups? Speak Russian? The notorious Conti ransomware group may find you a fine hiring prospect.

Double extortion combines two threats: encrypting the victim's data and threatening to publish the stolen copy. But according to AdvIntel's analysis of its collection of Conti ransomware samples, Conti treats the victim's fear of a data leak as only a secondary lever. What decides whether a ransom gets paid is whether the victim can restore from backups instead of paying.

"If the victim has the ability to restore the files via backups, the chances of successful ransom payment to Conti will be minimized, even despite the fact that the risk of data publishing persists," the researchers wrote.

AdvIntel has found that Conti builds its backup removal expertise from the ground up, starting at the "Team development level." When the ransomware-as-a-service gang recruits operators to break into networks, it makes clear that its penetration-tester candidates need top-notch skills at finding and destroying backups.

Finally, to make sure the victim has been kneecapped and cannot recover on its own, the Conti operators lock the victim's systems and manually remove the Veeam backups. The practical lesson is that backups reachable with the same credentials and network access the intruders already hold are not a recovery guarantee; only copies that are offline, immutable or otherwise outside the attackers' control preserve the victim's leverage.

"Enabled backups tremendously decrease Conti's ransom demands and can likely lead to data recovery with zero payments to the Conti collective...."

Rule #1 of Linux Security: no cybersecurity solution is viable if you don't have the basics down.
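The defender-side check implied by the story is to notice restore points disappearing before the ransom note arrives. The following added example (not code from the article, AdvIntel or Veeam) compares two inventories of a backup repository taken from a host the intruders do not control, flags Veeam backup files that vanished or shrank, and reports whether any restore point still falls within a recovery point objective. The `path|size|mtime` inventory format, the UNC paths, sizes, dates and the 36-hour RPO are all constructed for illustration; the `.vbk`, `.vib`, `.vrb` and `.vbm` extensions are Veeam's backup file types.

```python
"""Offline drift check for a backup repository inventory.

Added example, not code from the article, AdvIntel or Veeam.  All paths,
sizes, dates and the inventory format ('path|bytes|ISO mtime') are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Veeam backup file extensions: .vbk (full), .vib (incremental),
# .vrb (reverse incremental), .vbm (backup metadata).
RESTORE_POINT_EXTENSIONS = {".vbk", ".vib", ".vrb"}
BACKUP_EXTENSIONS = RESTORE_POINT_EXTENSIONS | {".vbm"}

# Constructed reference values for the demo run below.
NOW = datetime.fromisoformat("2021-09-29T04:00:00")
RPO = timedelta(hours=36)  # assumed recovery point objective

# Constructed inventory taken before the intrusion (path|bytes|mtime).
BEFORE_INVENTORY = r"""
# repository snapshot 2021-09-28
\\bkp01\repo\DC01\DC01.vbm|4096|2021-09-28T02:10:00
\\bkp01\repo\DC01\DC01D2021-09-19.vbk|53687091200|2021-09-19T02:30:00
\\bkp01\repo\DC01\DC01D2021-09-26.vib|2147483648|2021-09-26T02:15:00
\\bkp01\repo\DC01\DC01D2021-09-27.vib|1073741824|2021-09-27T02:12:00
\\bkp01\repo\DC01\DC01D2021-09-28.vib|1610612736|2021-09-28T02:10:00
\\bkp01\repo\readme.txt|120|2021-01-04T09:00:00
"""

# Constructed inventory taken after the restore points were removed.
AFTER_INVENTORY = r"""
# repository snapshot 2021-09-29
\\bkp01\repo\DC01\DC01.vbm|0|2021-09-29T03:41:00
\\bkp01\repo\readme.txt|120|2021-01-04T09:00:00
"""


@dataclass(frozen=True)
class BackupFile:
    path: str
    size: int
    mtime: datetime


def parse_inventory(text):
    """Parse 'path|size|ISO-8601 mtime' lines into {path: BackupFile}."""
    files = {}
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comment lines
        path, size, mtime = line.split("|")
        files[path] = BackupFile(path, int(size), datetime.fromisoformat(mtime))
    return files


def has_extension(path, extensions):
    return any(path.lower().endswith(ext) for ext in extensions)


def compare_inventories(before, after, mass_threshold=0.5):
    """Report backup files that vanished or shrank between two snapshots.

    mass_deletion is set when at least mass_threshold of the backup files in
    'before' are gone from 'after': one expired restore point is routine,
    most of the repository disappearing at once is not.
    """
    backup_paths = [p for p in before if has_extension(p, BACKUP_EXTENSIONS)]
    deleted = sorted(p for p in backup_paths if p not in after)
    truncated = sorted(p for p in backup_paths
                       if p in after and after[p].size < before[p].size)
    ratio = len(deleted) / len(backup_paths) if backup_paths else 0.0
    return {"deleted": deleted, "truncated": truncated,
            "deleted_ratio": ratio, "mass_deletion": ratio >= mass_threshold}


def newest_restore_point(inventory):
    """Return the mtime of the most recent restore point, or None if none exist."""
    points = [f.mtime for p, f in inventory.items()
              if has_extension(p, RESTORE_POINT_EXTENSIONS)]
    return max(points) if points else None


def rpo_violated(inventory, now, rpo):
    """True when no restore point exists within the recovery point objective."""
    newest = newest_restore_point(inventory)
    return newest is None or now - newest > rpo


if __name__ == "__main__":
    before = parse_inventory(BEFORE_INVENTORY)
    after = parse_inventory(AFTER_INVENTORY)
    report = compare_inventories(before, after)
    for path in report["deleted"]:
        print("DELETED  ", path)
    for path in report["truncated"]:
        print("TRUNCATED", path)
    print(f"mass deletion: {report['mass_deletion']} "
          f"({report['deleted_ratio']:.0%} of backup files gone)")
    print("RPO violated:", rpo_violated(after, NOW, RPO))
```

The check deliberately keys on the repository contents rather than on the backup server's own logs, since an intruder who can delete the Veeam backups can usually clear or stop that logging too; the inventory host should be one the compromised domain's administrators cannot reach.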


News URL

https://threatpost.com/conti-ransomware-backups/175114/