Conti ransomware prioritizes revenue and cyberinsurance data theft

Lawrence Abrams points us to some interesting findings by Advanced Intel, who pored through the Conti manuals and materials recently dumped by a disgruntled affiliate.

An interesting tactic used by the ransomware gang is using the legitimate Atera remote access software as a backdoor for continued persistence.

When conducting an attack, ransomware operations commonly deploy Cobalt Strike beacons that the attackers can use to execute commands remotely and gain continued access to a network.

However, security software products have become more adept at detecting Cobalt Strike beacons, leading to a loss of access for the threat actors.

Abrams also talks about another finding by Advanced Intel: that searching for cyberinsurance information may be an indicator of exfiltration.

Read more on BleepingComputer

About the author: Dissent
