Skip to main content

Corporate Internet Users Watch Out For Conti Ransomware

By July 22, 2020May 5th, 2022Cybersecurity

Although you may not be familiar with the name, a strain of ransomware called “Conti” is surging in popularity on the Dark Web and seeing a rapidly growing number of installations, so it’s definitely one to be on guard against.

Advanced intel’s Vitali Kremez has been tracking this strain since it first appeared in late 2019.

According to Kremez, the code appears to be an offshoot of an older strain of ransomware called Ryuk. The number of active installs of Ryuk has been declining for a few years now, while the number of Conti installations increases at virtually the same pace.

Kremez, had this to say about the new ransomware threat:

Based on multiple incident response matters and current assessment, it is believed that Conti ransomware is linked to the same Ryuk ransomware developer group based on the code reuse and unique TrickBot distribution. The same distribution attack vector is used widely by the Ryuk deployment group.”

While there are a number of interesting aspects to the design of Conti, one of the most interesting is the fact that it utilizes 32 threads during the file encryption process. While multi-threaded ransomware isn’t new or unique, Conti is the first to use 32 threads, which makes it stand out and allows it to encrypt a machine with blinding speed.

The advantage to the attacker here is that the attack might be over before a victim even realizes what’s going on. On the other hand though, a wary, observant user might notice that the machine’s performance takes a sudden nosedive, which is a red flag that something is wrong. That gives IT professionals a small window to deploy countermeasures and potentially stave off the attack.

The other interesting aspect of this code’s design is the fact that it utilizes the Windows restart manager API to close open files. Again, while not unique, it is something not used by many malware strains, which sets Conti apart.

In any case, it’s a serious and growing threat, and one your staff should be briefed on and prepared for.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.