Security Program Controls/Technologies, Breach, Content

Kaspersky Updates Decryption Tool for Conti Ransomware

Cybercrime, piracy and data theft. Network security breach. Compromised computer showing skull and bones symbol. Digital 3D rendering concept.

Kaspersky is offering a new version of its decryption tool to protect organizations against a modified Conti ransomware variant discovered in December 2022, according to a prepared statement. To date, cybercriminals have distributed this variant and used it to attack companies and state institutions.

Previously, Conti's source code was leaked in March 2022, Kaspersky noted. Since that time, various cybercrime groups modified Conti and used it in their cyberattacks.

In December 2022, Kaspersky specialists found a Conti malware variant with leaked private keys, the company stated. These keys were spread across 257 folders.

Meanwhile, 34 of these folders had "explicitly named companies and government agencies," Kaspersky indicated. This shows that 14 out of 257 potential Conti attack victims paid a cyber ransom.

In February 2023, Kaspersky experts found a new portion of leaked data from Conti attacks published on forums. The data contained 258 private keys, source code and pre-compiled decryptors. This ultimately prompted Kaspersky to update its public decryptor.

What Kaspersky's Decryption Tool Offers

The decryption tool protects victims of the recently discovered Conti modification, Kaspersky said. Its associated decryption code and all 258 keys were added to the latest build of Kaspersky's RakhniDecryptor 1.40.0.00 utility. The decryption tool also has been added to Kaspersky’s "No Ransom" website.

Furthermore, Kaspersky has provided several recommendations to help organizations protect against Conti attacks, including:

  • Do not expose remote desktop services to public networks unless it is necessary. In instances where these services are required, organizations should use strong passwords for them.
  • Install patches for commercial virtual private network (VPN) solutions as soon as they become available.
  • Utilize security tools and technologies to detect lateral movement and guard against data exfiltration.
  • Monitor network traffic.
  • Back up data regularly.

The Conti ransomware group dates back to 2019, according to Kaspersky. It leaked the data of more than 150 companies in 2020 and continues to cause problems for global organizations.

Cybercriminals Increasingly Using Darknet Escrow Messages

Along with launching Conti attacks, cybercriminals are utilizing the darknet to buy and sell data services or partner with other criminals.

Cybercriminals published more than 1 million darknet escrow service messages between 2020 and 2022, according to Kaspersky's Digital Footprint Intelligence team. These messages made up 14% of the total deal-related messages on various dark web resources.

To protect against darknet activities, Kaspersky has recommended organizations keep their software up to date. Kaspersky also indicated that organizations utilize threat intelligence to keep pace with the latest cybercrime techniques, tactics and procedures (TTPs).

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.