The Ransomware Attacker's Cookbook: Examining Conti’s Leaked Documentation to Better Enable Ransomware Defense
In recent years, ransomware has become synonymous with cybersecurity attacks, costing more than US $20 billion globally in damages in 2021. High-profile ransomware attacks, starting with 2017’s WannaCry global attack, have significantly elevated ransomware awareness. Recent years have seen ransomware attackers strike at schools, government, healthcare, and infrastructure, among other targets.
A recent leak of documents from Conti, one of the world’s most prolific ransomware-as-a-service (RaaS) providers, revealed some of its inner workings, providing researchers and reporters with insight into how these organizations operate. We dove deeply into the attacks Conti publicly reported on their leak site to gain insights on the verticals that were most impacted, the revenue range distribution by attack, and countries that were most heavily affected.
Join Akamai threat researchers who have been analyzing and researching RaaS providers as they reveal some of the underlying mechanisms that have contributed to these providers' success, along with results that give a thorough account of attack trends, tools, and the mitigations that must follow, which include:
- Monitoring and blocking of tactics, techniques, and procedures (TTPs) used in lateral movement.
- Separating the network into operational segments (by application, usage, or environment) and not allowing unnecessary connections between and within those segments.
- Using segmentation and ring fencing on critical data services and limiting access to them to reduce the risk factor against those services.