    Conti ransomware attacks explained

    Known for its speed of delivery, remote operation, and double extortion, Conti ransomware is a cyber threat that no organization wishes on its worst rivals. With reported ransom demands as high as $25 million, it’s imperative that every organization takes the threat of Conti ransomware seriously and takes the necessary steps towards preventing ransomware.

    But nobody has to take those steps alone.




    What is Conti ransomware?

    Conti ransomware is a human-operated “double extortion” ransomware: it steals information in order to leak it and also encrypts the data so that users can’t access it. It is classified as Ransomware as a Service (RaaS) and can target as many as 10 organizations in a single day.


    Who does Conti ransomware target?

    Conti ransomware can target anyone. So far, most of its targets have been manufacturing organizations based in the United States. Still, Conti ransomware attacks have sprung up in many countries, including the United Kingdom, Mexico, Ireland, South Africa, Australia, Indonesia, Italy, Germany, and Spain.


    How does Conti ransomware spread?

    Conti ransomware spreads over the Server Message Block (SMB) protocol and moves laterally through the network. In other words, it can move across connected devices on a network, including computers, laptops, printers, and more.
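
    A defender-side illustration of the SMB lateral movement described above (an added example, not from the original page or from Mimecast): it flags any host that opens SMB connections (TCP 445) to many distinct peers within a short window. The record format, the function names, the window and the peer threshold are assumptions, and the flow records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445
WINDOW = timedelta(minutes=5)  # assumption: tune to your network
MAX_PEERS = 4                  # assumption: distinct SMB peers tolerated per window

# Constructed flow records: "timestamp src dst dst_port"
SAMPLE_FLOWS = """\
2024-01-10T09:00:00 10.0.0.5 10.0.0.20 445
2024-01-10T09:01:00 10.0.0.5 10.0.0.21 445
2024-01-10T09:00:00 10.0.0.7 10.0.0.30 445
2024-01-10T09:20:00 10.0.0.7 10.0.0.31 445
2024-01-10T09:40:00 10.0.0.7 10.0.0.32 445
2024-01-10T10:00:00 10.0.0.7 10.0.0.33 445
2024-01-10T10:20:00 10.0.0.7 10.0.0.34 445
2024-01-10T09:30:00 10.0.0.9 10.0.0.40 445
2024-01-10T09:30:05 10.0.0.9 10.0.0.41 445
2024-01-10T09:30:10 10.0.0.9 10.0.0.42 445
2024-01-10T09:30:15 10.0.0.9 10.0.0.43 445
2024-01-10T09:30:20 10.0.0.9 10.0.0.44 445
2024-01-10T09:30:25 10.0.0.9 10.0.0.45 443
"""

def parse(line):
    """Split one flow record into (timestamp, src, dst, dst_port)."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def smb_fanout(lines, window=WINDOW, max_peers=MAX_PEERS):
    """Return {src: first alert time} for hosts that contact more than
    max_peers distinct SMB destinations inside a sliding window."""
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still inside the window
    alerts = {}
    for ts, src, dst, port in sorted(parse(l) for l in lines if l.strip()):
        if port != SMB_PORT:
            continue  # only SMB traffic is of interest here
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # drop connections older than the window
            q.popleft()
        if len({d for _, d in q}) > max_peers and src not in alerts:
            alerts[src] = ts
    return alerts

if __name__ == "__main__":
    for host, when in smb_fanout(SAMPLE_FLOWS.splitlines()).items():
        print(f"SMB fan-out from {host} at {when.isoformat()}")
```

    In the constructed data only 10.0.0.9 is flagged: 10.0.0.7 reaches as many peers, but spread over more than an hour, so it never exceeds the threshold inside one window.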


    What to do during a Conti ransomware attack?

    During a Conti ransomware attack, the first thing to do is isolate any infected devices by disconnecting them from your network and all other devices.

    The next thing to do is assess the damage and threat by asking questions like:

    • How many files were compromised?
    • How much ransom is being demanded?
    • What terms are being offered?

    Then, be sure to document as much of this information as you can. At this point, it’s generally not advisable to pay the ransom. Paying will not guarantee recovery of your data, and it may encourage cyberattackers to extort your organization again.

    After you’ve isolated the threat and documented what has happened so far, get in touch with law enforcement to report the ransomware attack. Not only is this often required by law, but law enforcement can be a great partner in helping you recover your data and bring the cybercriminals to justice.

    The final step is to ensure your organization is protected from future ransomware attacks—from Conti or any other malware.


    How to prevent Conti ransomware

    The best way to prevent Conti ransomware is to partner with the right cybersecurity service provider to ensure your organization is protected from cyber threats but still as agile and efficient as usual.

    Together with Mimecast, many organizations have implemented cybersecurity protocols that can stop ransomware in its tracks without slowing down day-to-day operations.

    Explore what Mimecast can offer your organization by getting a customized plan and quote.

