The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) announced the release of an advisory today on the Conti ransomware threat, including technical details about cyber actors’ behavior mapped to MITRE ATT&CK and recommended mitigations.
CISA and FBI have observed an increased use of Conti ransomware in more than 400 attacks to steal sensitive data from U.S. and international organizations. Malicious cyber actors typically use Conti ransomware against a victim to steal files, encrypt servers and workstations, and demand a ransom payment to return stolen, sensitive data.
To secure systems against Conti ransomware, CISA, FBI, and NSA recommend implementing the mitigation measures described in this advisory, which include requiring multi-factor authentication (MFA), implementing network segmentation, and updating your operating system and software.
If a ransomware incident occurs at your organization, CISA, FBI, and NSA recommend the following actions:
Follow the Ransomware Response Checklist on p. 11 of the CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide.
Scan your backups. If possible, scan your backup data with an antivirus program to check that it is free of malware.
Apply incident response best practices found in the joint advisory from Australia, Canada, New Zealand, the United Kingdom, and the United States on Technical Approaches to Uncovering and Remediating Malicious Activity.
Organizations should read the advisory, assess their unique cybersecurity environment, and implement recommended mitigations for any observed security gaps or weaknesses. Any support you and your organizations can provide to amplify this joint advisory through your communications and social media channels is appreciated. And as always, thank you for your continued collaboration.
Protective Security Advisor, Region 5, Illinois
Cybersecurity and Infrastructure Security Agency