What is Ransomware & How Was I Infected?
Ransomware is a type of malware that prevents you from accessing your computer or data, blocking access until a sum of money is paid. The hijacked computer becomes locked, or the data on it is stolen, deleted, or encrypted. Ransomware typically relies on asymmetric encryption, which uses a pair of keys to encrypt and decrypt a file; the attacker makes the private key needed for decryption available to the victim only after the ransom is paid.
So, how were you infected? Unfortunately, there are several ways you could have been hijacked: unpatched servers, PCs and laptops; email spam campaigns containing infectious files as attachments or download links; and untrustworthy download sources such as torrents. Unofficial and freeware sites and other third-party downloaders are often used, and illegal software activation tools known as ‘cracks’ can infect systems instead of activating licensed products. Infections can also be spread through exploitation of unpatched, outdated firewalls.
What is Conti Ransomware?
Conti is a re-branding of the RYUK ransomware variant which surfaced in June of 2020; its behavior and ransom notes were noted to be remarkably similar to RYUK’s. However, unfortunately for victims, Conti is even smarter and faster at encrypting data while shutting down entire networks. A Conti ransomware attack on the Irish Health Service was discovered to have happened after one employee opened a malware-ridden email. On the other side of the world, the Australian Cyber Security Centre (ACSC) has stated that Conti ransomware attacks have targeted multiple Australian organizations from various industry verticals since November of 2021. US-based companies have taken the brunt of the Conti ransomware attacks.
Why is Conti Ransomware So Problematic?
Conti is one of the costliest ransomware strains currently affecting businesses. Since the targets are usually larger corporations and organizations, the ransom payment demanded is also usually much higher than in many other ransomware cases. Conti ransomware is an extremely damaging malicious program: the speed with which it encrypts data and spreads to other systems makes it especially difficult to contain and deal with. The problem with ransomware in general is that even if you pay what the attacker asks, there are no guarantees that you will get access to your systems and files again, and Conti is no exception. If double extortion is used, meaning the attackers threaten to leak the stolen data in addition to encrypting it, the data could still be leaked even once you have paid. For example, after the Conti ransomware attack on Ireland’s health service, a decryptor tool was released, but according to the HSE, the attackers are still likely to sell or release the stolen data.
To avoid becoming hostage to Conti or other types of ransomware and malware, it’s crucial to maintain recent offline backups of your most important files and data. Do not attempt to decrypt the files on your own, as you put yourself at risk of being scammed further by those offering easy fixes. The only way to decrypt the files is by obtaining the decryption key from the attackers, so it’s important to find a team that is experienced in negotiating with attackers and can settle payments quickly and securely.
If you want to learn more about how best to prepare for and protect against ransomware in advance, there is a great article here – Reduce the Risk of Ransomware & Other Cyber Attacks.