The best defence against Conti Ransomware is awareness, prevention and preparedness.
First observed in 2020, Conti Ransomware has been found targeting Cyber networks and infrastructure globally.
This awareness blog reflects this prominence of Conti Ransomware deployment and the seriousness of a Conti Ransomware attack – which has the capability to disable networks and systems holding victims to ransom. These victims include the public, private and third sectors, businesses, organisations and the Critical National Infrastructure including Government and Health organisations.
This Cyber-attack uses the traditional social engineering Phishing email method, through the use of the advertisements and impersonation of fake popular software downloads targeting
individuals at every level of an organisation to maliciously access its’ network with the objective to infect systems, networks, devices, exploit Remote Desktop Protocol (RDP) and unpatched vulnerabilities in software and systems.
This ransomware attacks through intrusion before seeking to obtain confidential and sensitive files. The malware then encrypts servers, workstations and systems with the Conti Ransomware, before demanding a cryptocurrency payment and those responsible are also known to use double and triple extortion techniques.
We are highlighting prevention, mitigation and support measures to protect from the threat of Conti Ransomware and to encourage individuals, sectors and organisations to protect and prepare against all types of Cyber-attack by;
- Performing an immediate online and offline secure data backups ensuring these are scanned for any malware. Your online backups should be stored on a separate server / system.
- Your Offline backup should be stored remotely, again scanned for malware, on an assured device and both these backups will allow for data restoration in the event of a Conti Ransomware or other ransomware attack and subsequent recovery phase.
- Backups should be done as frequently as you can, as this will ensure the stored data is as up to date as possible.
We would also ask you to attend to the following guidance;
- If you haven’t already, introduce and utilise multi-factor authentication to access the systems and devices of your network (2FA) and utilise strong and secure passwords such as Three random words – NCSC.GOV.UK.
- Keeping systems and applications updated
- Implementing and utilising an anti-virus software solutions
- Securing email gateways to thwart threats via emails containing malicious attachments, including the blocking of domains and hyperlinks received in emails. (The NCSC have launched their new email protection tool here )
- Be extra vigilant about opening unrecognised or suspicous emails and clicking on links and attachments they contain
Performing regular daily scans of all systems to detect intrusions and the addition of new user accounts to systems.
- Scanning systems for vulnerabilities that could be exploited by attackers including Remote Desktop Protocols (RDP) and patching them.
- Securing system administrations tools that attackers could abuse for infiltration into the system
- Ensure regular checking of users granted ‘Administrator privileges’ and ensure Administrator privileges are required to install software. Please ensure those with Admin privileges use a separate user account when attending to general work on your network.
- Implementing network segmentation and data categorisation to minimise further exposure of Intellectual property and other sensitive data
- Disabling third-party or outdated components or unused applications (including RDP access) that could be used as entry points.
- Ensure all staff are aware of the mitigation and preventative methods above, and that regular cyber hygiene and security training is conducted for all individuals across your organisation.
Staff training is an important part of a cyber defence strategy please see the NCSC’s cyber security training for staff now available – the course can accessed here.
The Cyber Scotland partnership also have training resources available here – Both resources are free to use.
If you have been a victim of crime, and it is not an ongoing emergency, you can report this to Police Scotland on 101. You can also report suspicious emails to the NCSC at report@phishing.gov.uk
Information from Police Scotland Cybercrime Harm Prevention Team.