The United Kingdom and United States on Thursday sanctioned seven people connected to what officials have told The Record is a single network behind the Conti and Ryuk ransomware gangs as well as the Trickbot banking trojan.
The sanctions are described as the first major move of a “new campaign of concerted action” between Britain and the United States, and insiders say that further actions should be expected later this year.
While working a recent ransomware incident, BlackBerry identified a group whose name and TTPs mimicked the long-standing, popular ransomware crew Conti. Furthermore, the encryptor payload used in the attack was taken from the original group and modified for use with this new group. Who was this doppelganger?
Nation struggles in aftermath of president’s refusal to pay to end cyber attack, even as hacking group collapsed
The Costa Rican President Rodrigo Chaves has declared a national emergency following cyber attacks from Conti ransomware group on multiple government bodies.
BleepingComputer also observed Conti published most of the 672 GB dump that appears to contain data belonging to the Costa Rican government agencies.
The declaration was signed into law by Chaves on Sunday, May 8th, same day as the economist and former Minister of Finance effectively became the country's 49th and current president.
Threat Analysis Group (TAG) observed a financially motivated threat actor we refer to as EXOTIC LILY, exploiting a 0day in Microsoft MSHTML (CVE-2021-40444). Investigating this group's activity, we determined they are an Initial Access Broker (IAB) who appear to be working with the Russian cyber crime gang known as FIN12 (Mandiant, FireEye) / WIZARD SPIDER (CrowdStrike).
A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti, an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million…