In light of the news that Ireland’s health service has temporarily shut down its IT system after what it described as a “significant ransomware attack”, Patrick Wragg, Cyber Incident Response Manager at Integrity360, had the following to say.
“The ransomware variant is reported to resemble ‘Conti’. This is a ransomware tool that has been in operation since at least December 2019 and is believed to be derived from the ‘Ryuk’ ransomware variant. Conti is often deployed using the ‘TrickBot’ infrastructure. Conti is designed to be operated by the attacker, rather than via an automated process, and it contains unique features that allow a more targeted and quicker attack. Conti’s ransomware operations have targeted a wide variety of sectors globally, which include construction, manufacturing, and retail.
We would recommend that businesses increase vigilance of their environment, ensuring firewalls, IDS/IPS and AV solutions are monitored for any malicious activity; servers and applications are patched and consideration is given to disabling external RDP functionality or SMB.”
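The last recommendation above, confirming that RDP (TCP/3389) and SMB (TCP/445) are not reachable from outside the network, is something a defender can turn into a repeatable audit of the firewall rule base rather than a one-off check. The following is an added example written for this page, not code from Integrity360 or from the article. The vendor-neutral `Rule` record, the rule names and the sample rule set are all constructed; rules are evaluated first-match, as most firewalls do, so an earlier deny that fully covers a later allow shadows it.

```python
"""
Audit an ordered firewall rule list for inbound RDP (TCP/3389) and SMB (TCP/445)
allowed from non-private (i.e. external) sources.

Added example, not Integrity360's or the article's code. The Rule format and
the SAMPLE_RULES below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# RFC 1918 ranges plus loopback; anything outside these is treated as external.
PRIVATE_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
]

# Services the commentary recommends not exposing externally.
RISKY_PORTS = {3389: "RDP", 445: "SMB"}


@dataclass(frozen=True)
class Rule:
    name: str        # free-text label (constructed)
    action: str      # "allow" or "deny"
    direction: str   # "in" or "out"
    proto: str       # "tcp", "udp" or "any"
    src: str         # source CIDR, e.g. "0.0.0.0/0"
    dst_ports: str   # "3389", "139,445", "1-65535" or "any"


def port_in_range(port: int, spec: str) -> bool:
    """True if `port` is covered by a port spec such as "445", "139,445", "1-1024" or "any"."""
    if spec == "any":
        return True
    for part in spec.split(","):
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-"))
            if lo <= port <= hi:
                return True
        elif int(part) == port:
            return True
    return False


def source_is_external(cidr: str) -> bool:
    """True if the source network contains any address outside the private ranges."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.subnet_of(p) for p in PRIVATE_NETS)


def exposed_services(rules):
    """
    Return (service, port, rule name, source CIDR) for every inbound allow rule that
    lets an external source reach RDP or SMB and is not shadowed by an earlier deny
    covering the same port and the whole of its source range.
    """
    findings = []
    for port, service in RISKY_PORTS.items():
        denied_sources = []  # source networks of earlier deny rules that cover this port
        for r in rules:
            if r.direction != "in" or r.proto not in ("tcp", "any"):
                continue
            if not port_in_range(port, r.dst_ports):
                continue
            net = ipaddress.ip_network(r.src, strict=False)
            if r.action == "deny":
                denied_sources.append(net)
                continue
            if not source_is_external(r.src):
                continue  # LAN/VPN-only access is what the recommendation asks for
            if any(net.subnet_of(d) for d in denied_sources):
                continue  # fully shadowed by an earlier deny
            findings.append((service, port, r.name, r.src))
    return findings


# Constructed rule base: one RDP rule open to the world, one SMB rule open to a
# partner's public range, one SMB rule correctly limited to the internal network.
SAMPLE_RULES = [
    Rule("deny-rdp-from-guest", "deny", "in", "tcp", "198.51.100.0/24", "3389"),
    Rule("allow-rdp-anywhere", "allow", "in", "tcp", "0.0.0.0/0", "3389"),
    Rule("allow-smb-lan", "allow", "in", "tcp", "10.0.0.0/8", "445"),
    Rule("allow-smb-partner", "allow", "in", "any", "203.0.113.0/24", "139,445"),
    Rule("allow-web", "allow", "in", "tcp", "0.0.0.0/0", "80,443"),
    Rule("deny-all", "deny", "in", "any", "0.0.0.0/0", "any"),
]


if __name__ == "__main__":
    for service, port, name, src in exposed_services(SAMPLE_RULES):
        print(f"{service} (tcp/{port}) reachable from {src} via rule '{name}'")
```

Running it against the constructed rule base reports `allow-rdp-anywhere` and `allow-smb-partner`; `allow-smb-lan` is not reported because its source is entirely private, which is the state the recommendation aims for. Replacing the 0.0.0.0/0 source on the RDP rule with a VPN or management range makes that finding disappear, so the same function doubles as a regression check after the firewall change.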