At a glance.
- Conti rebranding during ransomware campaign against Costa Rica.
- PayOrGrief is a rebranded DoppelPaymer.
- Indiscriminate and counterproductive hacktivism in Sri Lanka.
- BLE exploit proof-of-concept.
- Report: cyberattacks over Nile dam.
- Chaos declares for Russia.
- CISA warnings.
- Fraudulent liquidity mining.
- Chinese cyberespionage against Russian aerospace sector.
- Strapi vulnerability fixed.
- Crypters in the C2C market.
- Ransomware at Nikkei Asia.
- Crime and punishment.
- Policies, procurements, and agency equities.
Conti rebranding in the midst of Costa Rica ransomware attack.
BleepingComputer reports that Conti may be breaking into smaller gangs and rebranding itself in the process. Researchers at Advanced Intel Thursday tweeted that, while some of Conti’s public-facing sites (like the Conti News dump site and its negotiation portal) remain up, the group’s Tor infrastructure has been shuttered, in which case its attack on Costa Rica may amount to misdirection.
Reuters reports that the number of Costa Rican organizations affected by Conti's ransomware attack has now grown to twenty-seven. Recently elected President Rodrigo Chaves has said that nine institutions, most of them governmental, were heavily affected, and that the attacks were having an "enormous" impact on foreign trade and tax collection. The country is also having difficulty paying its employees.
And, by the way, the ransom demand has gone up to $20 million, and (somewhat irrelevantly) US President Biden is a "terrorist." Costa Rica has refused to pay the ransom, but continues to work to restore services, as Conti woofs about seeking to foment an insurrection in Costa Rica to help force payment.
A communiqué from the group, reproduced by Tech Monitor, said, "We have our insiders in your government, I recommend that your responsible contact UNC1756, there is less than a week left when we destroy your keys, we are also working on gaining access to your other systems, you have no other options but to pay us, we know that you have hired a data recovery specialist, don't try to find workarounds, I communicate with everyone in this business, I have insiders even in your government! I once again appeal to the residents of Costa Rica to go out on the street and demand payment You're just forcing us to use terrible methods Another attempt to get in touch through other services will be punished by deleting the key."
The reference to UNC1756 is just made-up gasconade, since there's no record of activity under this particular classification, but CyberScoop reports that Costa Rica's President Rodrigo Chaves has lent credence to the claim that Conti's getting some local help. “There are very clear indications that people inside the country are collaborating with Conti,” the president said, but, citing national security, declined to give details.