How to block Conti ransomware and how it works. Hacker leaks the entire group’s detail

Ransomware as a Service (RaaS) has become one of the most prolific models of cybercriminal operation, although this does not mean that there are no disputes between the various threat actors involved in the process. A recent security report notes that an angry Conti ransomware affiliate decided to leak manuals and other technical details prepared by the hacking group for the training of its cybercriminal partners.

This confidential information was posted on the XSS hacking forum, hosted on the dark web, and was shared by a user who appears to have had problems with the amount of money obtained from his work with Conti hackers, who paid him to compromise corporate networks, which experts recommend blocking to prevent Conti infections.

The leak includes multiple screenshots of the IP addresses where Conti hackers host their Cobalt Strike C&C servers, used by the ransomware gang to access compromised networks.

The leaker also published a file with a Russian name (Мануали для работяг и софт.rar), which could be translated as “Manuals for workers and software”. This file contains a total of 37 secondary files for the use of the hacking tools employed by this cybercriminal group.

The file includes multiple instructions for deploying various attacks, for example:

  • The deployment of brute force attacks
  • Compromise of routers, NAS devices and security cameras
  • Use of ZeroLogon exploits
  • Deployment of Kerberoasting attacks
  • Disabling Windows Defender protections
  • Deletion of backups
  • Installation of Metasploit and other hacking tools

Cybersecurity specialists mention that leaks in RaaS operations are something very rare, so without a doubt this is a fact that draws attention. However, experts also consider that the information shared in this leak does not include anything that the cybersecurity community had not previously discovered, even mentioning that these techniques and procedures have been used by ransomware operations for years.

Still, this leak will help some security companies craft updated and more robust defensive manuals so that public and private organizations can better detect any intrusions from Conti and other similar ransomware variants.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.