Security researchers at Carbon Black have analysed the new Conti ransomware, which stands out for the speed at which it encrypts files and for several other features.
Conti belongs to the category of so-called “human-operated ransomware”: the attackers first carry out a targeted intrusion into the network of a government agency or large company, and only then deploy the ransomware.
To maximise encryption speed, Conti runs 32 encryption threads at once. Multithreaded ransomware is not unique, but that many threads is unusual. Another feature is that the malware is controlled through command-line arguments. For example, it can be instructed to encrypt only network shares and leave files on the local machine untouched.
“Thus, hackers can provide a targeted effect even on an infected network and attack, for example, one specific server. In addition, this tactic allows the virus to go undetected longer,” said Brian Baskin, Technical Director of Threat Research at Carbon Black.
Another notable feature of Conti is its use of the Windows Restart Manager API. Restart Manager was designed for installers: it identifies the processes that hold a file open and can shut them down so the file can be replaced without a reboot. Conti uses it for the same purpose, freeing files that are normally locked by another process, such as database files, so that they can be encrypted as well. According to Carbon Black, this is a genuinely rare technique.
Like other ransomware, Conti demands a ransom in bitcoin in exchange for a decryption tool. No way of recovering the files without paying is currently known.
Recently it was reported that the Avaddon ransomware is being distributed through Microsoft Excel macros, and earlier this month it emerged that macOS users were being targeted by the EvilQuest malware.