November 28, 2021

Volume XI, Number 332

Advertisement
Advertisement

FBI, CISA + NSA Issue Conti Ransomware Advisory

On September 22, 2021, the Federal Bureau of Investigations (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) issued a cybersecurity advisory alerting companies to the threat of Conti ransomware.

According to the advisory, CISA and the FBI are aware of more than 400 attacks of Conti ransomware against both U.S. and international organizations. Conti attacks include exfiltrating files, encrypting servers and workstations, and demanding a ransom to return the stolen files.

Conti is considered a ransomware-as-a-service model which has “historically targeted critical infrastructure.” Conti uses techniques to attack organizations, including “spearphishing campaigns, remote monitoring and management software, the ‘PrintNightmare’ vulnerability, and remote desktop software.”

The Conti Ransomware advisory provides tips for organizations to help them prevent an attack, such as employing multi-factor authentication, implementing network segmentation, filter traffic, scanning, removing unnecessary applications and applying controls, implementing endpoint and detection response tools, restricting remote desktop protocol access, and securing user accounts.

The advisory can be accessed here.

Copyright © 2021 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XI, Number 273
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

401-709-3353
Advertisement
Advertisement
Advertisement