{"id":7605,"date":"2021-05-24T21:57:19","date_gmt":"2021-05-24T19:57:19","guid":{"rendered":"http:\/\/plus.maciejpiasecki.info\/index.php\/2021\/05\/24\/conti-ransomware-attacked-16-healthcare-organizations-fbi-says\/"},"modified":"2021-05-25T01:54:30","modified_gmt":"2021-05-24T23:54:30","slug":"conti-ransomware-attacked-16-healthcare-organizations-fbi-says","status":"publish","type":"post","link":"https:\/\/plus.maciejpiasecki.info\/index.php\/2021\/05\/24\/conti-ransomware-attacked-16-healthcare-organizations-fbi-says\/","title":{"rendered":"Conti Ransomware Attacked 16 Healthcare Organizations, FBI Says"},"content":{"rendered":"<p>According to the Federal Bureau of Investigation (FBI), Conti ransomware has recently targeted at least 16 healthcare organizations in the United States, including first responder organizations. The FBI has also released a TLP:WHITE alert to help organizations defend themselves against future threats.<br \/>\n\u201cThe FBI identified at least 16 Conti ransomware attacks targeting U.S. healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities within the last year,\u201d the FBI Cyber Division noted in its announcement. \u201cThese healthcare and first responder networks are among the more than 400 organizations worldwide victimized by Conti, over 290 of which are located in the U.S.\u201d<br \/>\nConti is a Ransomware-as-a-Service (RaaS) operation backed by Wizard Spider. Wizard Spider is believed to be a Russia-based cybercrime group that launches similar attacks on organizations around the world.<br \/>\nConti ransomware can gain access to victim networks through malicious email links, attachments, or stolen RDP credentials.<br \/>\nVictims must pay the amount requested by the attackers within eight days. 
If victims don\u2019t pay within this period, the attackers will contact the victims via Voice over Internet Protocol (VoIP) or encrypted emails. The way Conti ransomware works is simple and similar to counterparts such as DoppelPaymer.<br \/>\nConti ransomware is targeting healthcare organizations in the United States and worldwide<br \/>\nU.S. healthcare organizations are not the only victims of Conti ransomware. Ireland\u2019s Health Service Executive (HSE) and Department of Health (DoH) faced a similar attack, in which Conti attackers asked for a $20 million ransom.<br \/>\nThe DoH was able to repel the attacks, but the HSE had to shut down its IT systems.<br \/>\nFor technical readers, here are the Conti ransomware indicators according to the FBI\u2019s announcement: \u201cConti actors use remote access tools, which most often beacon to domestic and international virtual private server (VPS) infrastructure over ports 80, 443, 8080, and 8443. Additionally, actors may use port 53 for persistence. Large HTTPS transfers go to cloud-based data storage providers MegaNZ and pCloud servers. Other indicators of Conti activity include the appearance of new accounts and tools\u2014particularly Sysinternals\u2014which were not installed by the organization, as well as disabled endpoint detection and constant HTTP and domain name system (DNS) beacons, and disabled endpoint detection.\u201d<br \/>\nIf you are an IT admin or security expert at a healthcare organization, note these indicators so you can protect your data from this ransomware. 
The FBI has asked all organizations attacked by Conti ransomware to share their information.<br \/>\nThe post Conti Ransomware Attacked 16 Healthcare Organizations, FBI Says appeared first on Android Headlines.<br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/plus.maciejpiasecki.info\/wp-content\/uploads\/2021\/05\/Privacy-Cyber-Security-AH-Nov-AH-2019-600x338-1.jpg\" width=\"600\" height=\"338\"><br \/>\nSource: androidheadlines.com<\/p>\n","protected":false},"excerpt":{"rendered":"<p>According to the Federal Bureau of Investigation (FBI), Conti ransomware has recently targeted at least 16 healthcare organizations in the [&hellip;]<\/p>\n","protected":false},"author":26,"featured_media":7606,"comment_status":"false","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-7605","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bez-kategorii"],"_links":{"self":[{"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/posts\/7605","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/users\/26"}],"replies":[{"embeddable":true,"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/comments?post=7605"}],"version-history":[{"count":1,"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/posts\/7605\/revisions"}],"predecessor-version":[{"id":7607,"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/posts\/7605\/revisions\/7607"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/media\/7606"}],"wp:attachment":[{"hre
f":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/media?parent=7605"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/categories?post=7605"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/plus.maciejpiasecki.info\/index.php\/wp-json\/wp\/v2\/tags?post=7605"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}