Angry Conti Ransomware Affiliate Leaks Gang’s Attack Playbook


The notorious Conti ransomware gang has officially shut down their operation, with infrastructure taken offline and team leaders told that the brand is no more. Yet another data-extortion cybercrime operation has appeared on the darknet named ‘RansomHouse’ where threat actors publish evidence of stolen files and leak data of organizations that refuse to make a ransom payment. PyPI module ‘ctx’ that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack with malicious versions stealing the developer’s environment variables. Additionally, versions of a ‘phpass’ fork published to the PHP/Composer package repository Packagist had been altered to steal secrets. Government agencies have included Bleeping Computer cybersecurity articles and analysis in numerous advisories. Since the CryptoLocker ransomware attack in September 2013, and a subsequent DDoS of the site due to its reporting on the new malware, Bleeping Computer has been reporting on new ransomware families as they are released.

“It also provides a plethora of detection opportunities including the group focus on AnyDesk persistence and Atera security software agent persistence to survive detections.” Attached to the above post are images of Cobalt Strike beacon configurations that contain the IP addresses for command and control servers used by the ransomware gang. If you need help digging up your computer’s manual, go online to find tech support information. Pay close attention to the number of beeps, if the beeps are long or short, and if the beeping repeats or not. You’re probably not going to make whatever problem you have worse by restarting a few times.

Advanced Intel’s Vitali Kremez, who had already analyzed the archive, told BleepingComputer that the training material matches active Conti cases. A security researcher shared a screenshot of this extracted folder with BleepingComputer. We were told it contains a manual on deploying Cobalt Strike, mimikatz to dump NTLM hashes, and numerous other text files filled with various commands. As part of this arrangement, the core team earns 20-30% of a ransom payment, while the affiliates earn the rest. Next, you’ll need to figure out what company manufactured the BIOS chip that’s on your computer motherboard.

In a tweet by security researcher Pancak3, it is advised that everyone block those IP addresses to prevent attacks from the group. The easiest way to figure this out is by installing a free system information tool, which should tell you if your BIOS is made by AMI, Award, Phoenix, or another company. If that doesn’t work, you could open your computer and take a peek at the actual BIOS chip on your computer motherboard, which should have the company name printed on or next to it. Install a tool to determine the BIOS maker and then consult the appropriate online troubleshooting guide.

BleepingComputer came across multiple instances of users on online dating apps being approached by these catfishing profiles. Additionally, rewards through this program may be done anonymously in cryptocurrency, which could incentivize low-paid affiliates to turn on other cybercriminals. Recently the United States government announced that its Rewards for Justice program is now accepting tips on foreign malicious cyberactivity against U.S. critical infrastructure, with a potential $10 million reward for helpful information.

Follow these steps below to determine what computer problem the beep code is representing. During the second day of the Pwn2Own Vancouver 2022 hacking competition, contestants hacked Microsoft’s Windows 11 OS again and demoed zero-days in Tesla Model 3’s infotainment system. Cisco has addressed a zero-day vulnerability in its IOS XR router software that allowed unauthenticated attackers to remotely gain access to Redis instances running in NOSi Docker containers.

Ransomware attacks continue to slow down, likely due to the invasion of Ukraine, instability in the region, and subsequent worldwide sanctions against Russia. Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems. The Chicago Public Schools has suffered a massive data breach that exposed the data of almost 500,000 students and 60,000 employees after their vendor, Battelle for Kids, suffered a ransomware attack in December.

Some computers, even though they may have BIOS firmware made by a particular company, like AMI or Award, further customize their beep-to-problem language, making this process a little frustrating. If you think this might be the case, or are just worried it could be, almost every computer maker publishes their beep code list in their user guides, which you can probably find online. If you’re hearing beep codes after you turn your computer on—and then it doesn’t start—it means the motherboard encountered some kind of problem before it was able to send any error information to the monitor.

The domain name originates from the sounds made by a broken computer and because you want to curse at a computer when it does not work properly. BleepingComputer was founded in 2004 after Abrams could not find existing technical support sites that could offer easy-to-understand instructions for his friends and family. Lawrence’s area of expertise includes Windows, malware removal, and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies. “The leak also shows the maturity of their ransomware organization and how sophisticated, meticulous and experienced they are while targeting corporations worldwide.” Your computer maker isn’t the same as the BIOS maker and your motherboard maker isn’t necessarily the same as the BIOS maker, so don’t assume you already know the right answer to this question.