The Conti ransomware gang has developed novel tactics to demolish backups, especially the Veeam backup and recovery software.
That’s according to a report published on Wednesday by cyber-risk prevention firm Advanced Intelligence, which details how Conti has honed its backup destruction to a fine art – all the better to find, crush and kill backed-up data. After all, backups are a major obstacle to encouraging ransomware payment.
Palo Alto Networks has described the gang as a standout, and not in a good way: "It’s one of the most ruthless of the dozens of ransomware gangs that we follow," the firm said. As of June, Conti had spent more than a year attacking organizations where IT outages can threaten lives: hospitals, emergency number dispatch carriers, emergency medical services and law-enforcement agencies.
Its expertise in demolishing backups has helped Conti to rain down destruction. According to AdvIntel head of research Yelisey Boguslavskiy and CEO and chairman Vitali Kremez, Conti – a top-tier Russian-speaking ransomware group that specializes in double extortion – bases its negotiation strategies on the premise that the majority of targets who pay the ransom are "motivated primarily by the need to restore their data."
Conti has focused most particularly on developing new ways to compromise backup software from disaster-recovery firm Veeam.
In one such campaign observed by AdvIntel in the past year, Conti, as is its wont, used a Cobalt Strike beacon. Cobalt Strike is a legitimate, commercially available tool used by network penetration testers, and its use by crooks has gone mainstream in the world of crimeware.
Read full article on https://threatpost.com/conti-ransomware-backups/175114/