CISA updates Conti ransomware alert with nearly 100 domain names
2022-03-10 00:31

The U.S. Cybersecurity and Infrastructure Security Agency has updated the alert on Conti ransomware with indicators of compromise consisting of close to 100 domain names used in malicious operations.

Originally published on September 22, 2021, the advisory includes details observed by CISA and the Federal Bureau of Investigation in Conti ransomware attacks targeting organizations in the U.S. The updated cybersecurity advisory contains data from the U.S. Secret Service.

Internal details from the Conti ransomware operation started to leak at the end of February after the gang announced publicly that they side with Russia over the invasion of Ukraine.

The agency today released a batch of 98 domain names that share "registration and naming characteristics similar" to those used in Conti ransomware attacks by groups distributing the malware.

The list of domains associated with Conti ransomware attacks appears to be different from the hundreds that the Ukrainian researcher leaked from BazarBackdoor infections.

Since the beginning of March, Conti has listed more than two dozen victims on its website, in the U.S., Canada, Germany, Switzerland, U.K., Italy, Serbia, and Saudi Arabia.


News URL

https://www.bleepingcomputer.com/news/security/cisa-updates-conti-ransomware-alert-with-nearly-100-domain-names/