Security News
The U.S. State Department has announced rewards of up to $10 million for any information leading to the identification of key individuals who are part of the infamous Conti cybercrime gang. It's offering another $5 million for intelligence information that could help arrest or convict individuals who are conspiring or attempting to affiliate with the group in a ransomware attack.
The US Department of State is offering up to $15 million for information that helps identify and locate leadership and co-conspirators of the infamous Conti ransomware gang. Up to $10 million of this reward are offered for info on Conti leaders' identity and location, and an additional $5 million for leading to the arrest and/or convictions of individuals who conspired or attempted to participate in Conti ransomware attacks.
The US Department of State is offering up to $15 million for information that helps identify and locate leadership and co-conspirators of the infamous Conti ransomware gang. Up to $10 million of this reward are offered for info on Conti leaders' identity and location, and an additional $5 million for leading to the arrest and/or convictions of individuals who conspired or attempted to participate in Conti ransomware attacks.
An analysis of four months of chat logs spanning more than 40 conversations between the operators of Conti and Hive ransomware and their victims has offered an insight into the groups' inner workings and their negotiation techniques. Conti and Hive are among the most prevalent ransomware strains in the threat landscape, cumulatively accounting for 29.1% of attacks detected during the three-month-period between October and December 2021.
A sophisticated malware loader dubbed Bumblebee is being used by at least three cybercriminal groups that have links to ransomware gangs, according to cybersecurity researchers. Researchers with both Proofpoint and Cybereason found code similarities between Bumblebee and TrickBot's malware.
A newly discovered malware loader called Bumblebee is likely the latest development of the Conti syndicate, designed to replace the BazarLoader backdoor used to deliver ransomware payloads. The emergence of Bumblebee in phishing campaigns in March coincides with a drop in using BazarLoader for delivering file-encrypting malware, researchers say.
The infamous ransomware group known as Conti has continued its onslaught against entities despite suffering a massive data leak of its own earlier this year, according to new research. One of the most prolific ransomware groups of the last year along the likes of LockBit 2.0, PYSA, and Hive, Conti has locked the networks of hospitals, businesses, and government agencies, while receiving a ransom payment in exchange for sharing the decryption key as part of its name-and-shame scheme.
"Whether Karakurt is an elaborate side hustle by Conti and Diavol operatives or whether this is an enterprise sanctioned by the overall organization remains to be seen," researchers said. Tetra Defense initially discovered the link between Karakurt and Conti at a client who claimed to have been hit with another extortion attempt after already falling victim to Conti and paying the ransom demand.
After breaching servers managed by the cybercriminals, security researchers found a connection between Conti ransomware and the recently emerged Karakurt data extortion group, showing that the two gangs are part of the same operation. In a recent report, Infinitum IT details that they were able to gain access to Conti's infrastructure when the Conti leaks started, on February 27, after logging into multiple ProtonMail and Mega storage accounts used by one Conti member.
The Conti ransomware operation has claimed responsibility for a cyberattack on wind turbine giant Nordex, which was forced to shut down IT systems and remote access to the managed turbines earlier this month. BleepingComputer was told on March 31st that the company suffered a Conti ransomware attack which caused the entire platform to go offline.