What is Conti Ransomware – And What Can You Do to Protect Your Business?

Ransomware isn’t just an Australian problem; it’s a global one. Just like the pandemic, malware and viruses spread around the globe quickly in this connected age, and it’s up to cybersecurity specialists to recognise threats on the horizon and implement protective measures to safeguard businesses and IT infrastructure. Today, our IT security team is looking at Conti and what your business needs to do to protect itself.

What is the Conti Threat?

ContiRansom is a highly infectious malware attack that was first identified around May 2020. It’s very dangerous because it is exceptionally fast-acting, spreading to new systems and encrypting data quickly. It was developed by hackers known as the Conti gang, which is the 6th most active ransomware gang in the world, specialising in ransomware-as-a-service.

It is primarily distributed through bots. The attacker sends a phishing email that appears to come from a legitimate sender the recipient is familiar with. The email contains a link to a Google Drive document that carries the virus. Once it is downloaded to the victim’s device, it activates by downloading a backdoor that connects the device to the attacker’s control centre, allowing the attack to begin.

Once the device is infected, the files on it are encrypted and blocked from the user. A ransom is then demanded, and the attacker promises to deliver the encryption key to unlock the files once it is paid. The attacker also threatens to expose a portion of the data online if the ransom is not paid.

It also works quickly to infect other devices connected to the infected device, spreading to other computers via Server Message Block (SMB) and using a multi-threading technique that makes it very difficult to stop once it starts.

Preventing a ContiRansom Attack

Because this malware is so difficult to stop once a device is infected, it is essential to do everything you can to prevent an attack from occurring. This means using a VPN if possible, educating staff to recognise phishing emails, giving them a person or resource to report to when a suspicious email arrives, and having a team that continually monitors your network and can react as quickly as possible when a threat develops to limit the damage. We would also recommend that you prepare your business for a worst-case scenario by keeping regular backups of all your data stored securely offsite, so that your system can be restored with minimal downtime if an attack gets through your defences.

To secure your business against this and other cyber threats, you need a partner you can trust to treat your business as their own. At Otto, we’re all about becoming true partners in your business’s success by making tech human, and that means delivering IT cybersecurity solutions that work for your business, make your life easier, and solve your problems rather than adding to them. Chat to our team today about IT security, disaster recovery solutions, IT support or upgrading your IT systems.