"Conti Ransomware Gang Victimized US Health Care, First-Responder Networks, FBI Says"
The FBI recently posted an alert stating that it tracked at least 16 Conti ransomware attacks that struck U.S. health care and first-responder networks within the last year. That count covers only attacks in the past year and only incidents that the FBI itself identified. In all, the alert said Conti had hit 400 organizations, nearly 300 of which were in the U.S. The FBI said the recent first-responder victims include 9-1-1 dispatch centers, emergency medical services, law enforcement agencies, and municipalities. According to the alert, the Conti gang has sought as much as $25 million to decrypt systems it locked up.

Conti actors gain unauthorized access to victim networks through weaponized malicious email links, attachments, or stolen Remote Desktop Protocol (RDP) credentials. Conti weaponizes Word documents with embedded PowerShell scripts, initially staging Cobalt Strike via the Word documents and then dropping Emotet onto the network, giving the actor access to deploy ransomware. The hackers tend to seek payment within two to eight days and will make Voice over Internet Protocol (VoIP) calls or communicate via ProtonMail to negotiate payment.