Be Alert as Ransomware Conti-nues to Take Over

WHAT HAPPENED?

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have seen Conti ransomware used in more than 400 attacks on U.S. and international organizations. Typically, Conti ransomware attacks are malicious in nature and occur when a bad actor intends to steal company files and/or encrypt servers and workstations. Then, they demand a ransom payment in exchange for the files and access to servers and workstations. If the company or victim does not cooperate, the Conti actor threatens to release the files to the public.

To protect against Conti ransomware, CISA, the FBI, and the NSA advise implementing several safety measures, like adding multi-factor authentication (MFA), implementing network segmentation, and performing regular software and system updates.

Conti actors have been known to gain access to networks through the following, among others:

  • Spearphishing campaigns;
  • Weak remote desktop protocol credentials;
  • Vishing (phishing over the phone); and
  • Malware distribution networks.

When a Conti actor begins to execute the attack, they will use a below-the-radar method to access files without being detected by anti-virus engines. CISA and the FBI have seen Conti actors taking measures to test for strong routers, cameras, and network-attached storage devices, all in an effort to remain undetected.

Conti actors have a reputation for exploiting remote monitoring and management software and remote desktop software as backdoors to remain on a victim’s network. The actors are resourceful in that they will use what is readily available on the victim’s network to obtain credentials and escalate privileges within a domain.

WHAT DOES THIS MEAN FOR ME?

As cyber criminals continue to become more sophisticated, so must your cybersecurity program. Safeguards like MFA, strong password requirements, and consistent employee training are no longer just best practices; they are expectations.

Cybersecurity attacks expose the weak points of a company and put your clients’ data at risk. To avoid being the next ransomware victim, it is important that any compliance gaps in your firm’s cybersecurity policies and procedures are addressed and that policies are tailored to the firm’s business practices and implemented in a practical manner.

If your firm requires assistance with implementing cybersecurity programs to comply with industry best practices and regulatory expectations, Fairview Cyber can assist. We support registered investment advisers by creating and implementing comprehensive, sustainable cybersecurity programs with the help of our in-house regulatory experts.

About the Author:

Fairview®
Founded in 2005 with the goal of developing streamlined solutions for investment advisers, Fairview® is now servicing investment advisers, foundations, and funds with nearly $300 billion in collective assets.