💰💣

ConnectWise Security Incident

May 2021 - June 2022 1560 days ago Resolved

Incident Overview

Situation Description

The article discusses the Conti ransomware group, its tactics, major attacks, and provides recommendations for MSPs to protect their clients against such threats.

Event Types

Ransomware Malware / Destructive Attack

Industry Sector

Other

Geographic Scope

Global

Response Actions

Implemented Advanced Authentication Hardened Attack Surface Conducted Employee Training Revised Incident Response Plan

Impact Analysis

Event Types (2 identified)

Ransomware Malware / Destructive Attack

Financial Impact

$0 USD

Records Affected

Data Types Compromised

PII (Personally Identifiable Information) Financial Data (Credit Cards, Bank Accounts) Intellectual Property Credentials Government Data Source Code Operational / System Data

Primary Impacts

Operational Disruption Financial Loss Data Exposure Reputational Damage Legal/Regulatory Penalties

Key Decisions Made

Implement multi-factor authentication (MFA) to protect clients against ransomware attacks.; Keep all client software and systems up to date by patching systems and software in a timely manner.; Educate client teams on best practices for email hygiene and how to spot phishing emails.

Technical Analysis

Attack Method

Phishing

Threat Actor Attribution

Conti

Vulnerability / Tool

Remote Desktop Protocol (RDP)

Additional Information

5/3/2023 | 3 Minute Read Conti ransomware: prepare and protect your clients Topics: Cybersecurity Contents Stay informed to protect your clients and your business. Download the 2024 MSP Threat Report Conti is one of the most notorious cybercrime collectives in the world. Widely known for their aggressive and effective tactics to mount large-scale attacks on organizations of all sizes, Conti ransomware is a reminder of the importance of developing a robust cybersecurity plan for your clients. From using multi-factor authentication (MFA) to monitoring networks for vulnerabilities, use these recommendations to help protect your clients against the possibility of ransomware attacks. What is Conti ransomware? Conti ransomware works by leveraging a ransomware-as-a-service (RaaS) attack model. This model of industrialized cybercrime typically functions by paying affiliates to deploy malware into an organizations IT systems. Once this implementation occurs, it creates a window of opportunity for the primary cybercriminals to infiltrate an organizations network, encrypt data, and then hold this information for ransom. In the case of Conti ransomware, the CIA theorizes that Conti developers likely have a slightly different model: Developers pay the deployers of the ransomware a wage versus a percentage of the proceeds used by affiliate cyber actors. Furthermore, since the widely publicized ransomware attack on the Colonial Pipeline in May 2021, the RaaS landscape continues to evolve, with key players adopting new tactics that draw less attention. Who is behind Conti ransomware? According to statements by the U.K. and U.S., Conti is likely linked to Russian intelligence services , and many of their actions align with Russias international interests. Researchers have also concluded that cybercriminals in the Conti ransomware gang have connections to the Kremlin . In most scenarios, Conti attacks have employed...

... (truncated for display)

Quick Facts

Company:: ConnectWise
Date:: May 2021 - June 2022
Status:: Resolved
Decision Maker:: Bryson Medlock
Position:: Threat Intelligence Evangelism Director of the Cyber Research Unit
Published:: 3/05/2023

Source Information

Original Query

Ireland Health Service Executive (HSE) final report on Conti ransomware attack recovery costs

View Original Source

Timeline

Information Published

3/05/2023

Incident Occurred

May 2021 - June 2022 (1560 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats