Increased Threat of Cyberattack

In early March 2022 the Conti ransomware organisation announced they were in 'full support' of Russia and would retaliate should the West attack critical Russian infrastructure.

Around the same time a Ukrainian security researcher leaked several years of internal chat logs and other sensitive data tied to Conti. The chat logs provided a revealing look inside a major criminal enterprise (with over a hundred full-time staff). The records also give insight into how Conti deals with internal breaches and with attacks from external private security firms and foreign governments.

The Conti ransomware gang said it will use ‘retaliatory measures’ against the United States should Russian critical infrastructure be attacked by ‘Western warmongers’, according to a post on its leak site.

Conti, first detected in 2020, is a prolific ransomware gang involved in a number of high-profile attacks, including data backup vendor ExaGrid in 2021. A spate of cyberattacks in early 2020 triggered a security alert from the FBI.

Cyber-crime organisation Conti have announced they will target any country that engages in ‘war activities’ against Russia. With Australia sending arms to Ukraine, that means us.

Conti initially pledged support for Russia in two statements released on the group's data leak site. In the first, posted Feb 25, Conti "officially" announced "full support of the Russian government" shortly after Ukraine was invaded. The gang threatened to use "all possible resources" to attack the critical infrastructure of any enemy who organises "cyberattacks or any war activities."

This post was later replaced with a longer one in a more defensive tone:

"As a response to Western warmongering and American threats to use cyber warfare against the citizens of Russian Federation, the Conti Team is officially announcing that we will use our full capacity to deliver retaliatory measures in case the Western warmongers attempt to target critical infrastructure in Russia or any Russian-speaking region of the world.

"We do not ally with any government and we condemn the ongoing war," the new post continued. "However, since the West is known to wage its wars primarily by targeting civilians, we will use our resources in order to strike back if the well being and safety of peaceful citizens will be at stake due to American cyber aggression."

On Sunday, tens of thousands of alleged internal Jabber messages between Conti gang operators were leaked through an anonymous file dump. The leaker wrote in an attached message that Conti "just lost all their sh-t" before closing with "Glory to Ukraine!"

It is unclear who exactly leaked the logs. AdvIntel CEO Vitali Kremez believes it was a security researcher, rather than a Conti insider.

"Someone who obtained the server logs from the Jabber infrastructure is highly unlikely to be an affiliate," he said.

The files contain internal discussions between gang operators, including information on supposed ransomware victims, and highlight the existence of a legal department within Conti.

The general consensus among threat analysts from a number of recognised organisations is that the leaks did indeed emanate from Conti.

WHAT IS THE THREAT TO AUSTRALIAN BUSINESS?

NOW is the time to ensure you’re as protected as you can be, not after a cyberattack.

As an ally of the United States, Australia's Federal government has openly declared solidarity with Ukraine. Australia has also announced it is sending arms to Ukraine to assist their armed forces in the fight against Russian incursions. Therefore, Australian business can expect increased levels of cyber-attack from Russia.

Pro-Kremlin Russian media’s ‘list of countries unfriendly to Russia’, which includes Australia

In light of all these worrying recent developments, it is more imperative than ever that Australian SMBs take every precaution to ensure they do not become victims of ransomware and cyber-crime in general.

It is therefore advisable for local small and medium businesses to:

- be prepared for a potential cyberattack
- reduce attack surfaces by ensuring all systems are patched
- ensure MFA (multi-factor authentication) is in use for all staff logins
- train staff in what to look out for; to that end:
  - have staff undergo regular cybersecurity awareness sessions

Contact Cyberlorian if you think you’ve been hacked or want to start a conversation about improving your cybersecurity.

Raph Tripp has worked in a variety of roles including IT management, Operations, project management, PMO and as both systems and business analyst. Since 2000 he has worked in a range of industries including gaming, hospitality, managed services, NFP and education.