Conti ransomware, a spinoff and likely heir of the infamous Ryuk, has recently launched a data dump website to take its extortion tactic to the next level.
This move fits the mold of the ongoing trend of pressuring victims into submitting a ransom. As before, this harmful code is being served via TrickBot, a modular banking Trojan that exhibits malware loading properties. It used to be that the Trojan would deploy the Ryuk ransomware as the final-stage payload.
According to security researchers, Ryuk isn’t being promoted this way since July 2020. Instead, criminals associated with the TrickBot malware distribution network switched to pushing the Conti ransomware.
Conti is a new Ransomware-as-a-Service (RaaS) platform with limited cybercriminal audiences. It has hired seasoned crooks to spread the file-encrypting threat. The operators get their cut from ransom payments and give the rest to ne’er-do-wells who execute a successful extortion attack.
As per statistics derived from the ransomware identification service “ID Ransomware”, Conti infections have been steadily growing since mid-June 2020. Meanwhile, the propagation of Ryuk has taken a nosedive ever since. The overlapping of these two opposite trends proves the theory that the Ryuk group is now plaguing enterprise networks with the Conti ransomware. (more…)