The Conti ransomware was unfazed by the recent code leaks against them

April 5, 2022
Tags: Conti, Ransomware, Malware, Threat Group, Code Leak, Murmur3, Threat Intelligence

Conti ransomware is still actively executing attacks despite the recent source code leaks that rivals carried out to disrupt the group. A cybersecurity firm spotted an updated version of the ransomware and stated that its operators had released the update before their source code and internal chat logs were leaked.


Instead of regrouping and lying low after the leaks, the ransomware group kept operating, shipping new upgrades, and targeting new victims every day.


This latest evolution includes new functions that the developers added to the ransomware code. The operators also added new command-line arguments to make communication in future campaigns simpler and smoother.

Moreover, the new features allow Conti to reboot the system into Safe Mode with networking and then start file encryption there. Because business applications are likely to stay closed in Safe Mode, fewer files are locked by running processes, so the encryption can reach more of them.

Conti’s operators also added new techniques for evading security detection and analysis. The threat group now resolves most Windows API functions by hash rather than by name, which frustrates malware researchers and analysts.

Researchers added that this latest version uses the Murmur3 hashing algorithm, which produces a different hash value for every API function name the malware resolves. As a result, security solutions that match on the previously known hash values no longer detect it.
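The analyst-side counterpart of the API hashing described above, as an added example that is not code from this article or from Conti: a pure-Python MurmurHash3 (32-bit, x86 variant, Austin Appleby's reference algorithm) used to pre-compute hashes of candidate Windows API names, so that hash values recovered from a sample can be mapped back to the functions they resolve. The seed of 0, the candidate name list and the "recovered" hashes are assumptions constructed for the example; the article does not state which seed or Murmur3 variant Conti uses.

```python
from typing import Dict, Iterable, Optional

MASK32 = 0xFFFFFFFF


def _rotl32(x: int, r: int) -> int:
    return ((x << r) | (x >> (32 - r))) & MASK32


def murmur3_32(data: bytes, seed: int = 0) -> int:
    """MurmurHash3 x86_32 over `data` (reference algorithm, 32-bit arithmetic)."""
    c1, c2 = 0xCC9E2D51, 0x1B873593
    h = seed & MASK32
    n = len(data)
    # Body: process one little-endian 32-bit block at a time.
    for i in range(0, n - n % 4, 4):
        k = int.from_bytes(data[i:i + 4], "little")
        k = _rotl32((k * c1) & MASK32, 15)
        k = (k * c2) & MASK32
        h = _rotl32(h ^ k, 13)
        h = (h * 5 + 0xE6546B64) & MASK32
    # Tail: the remaining 1-3 bytes, packed little-endian like the reference code.
    tail = data[n - n % 4:]
    if tail:
        k = int.from_bytes(tail, "little")
        k = _rotl32((k * c1) & MASK32, 15)
        k = (k * c2) & MASK32
        h ^= k
    # Finalisation mix (fmix32).
    h ^= n
    h ^= h >> 16
    h = (h * 0x85EBCA6B) & MASK32
    h ^= h >> 13
    h = (h * 0xC2B2AE35) & MASK32
    h ^= h >> 16
    return h


# Constructed candidate list; real tooling would hash every export of the DLLs of interest.
CANDIDATE_APIS = ["VirtualAlloc", "CreateThread", "CryptEncrypt", "FindFirstFileW",
                  "GetProcAddress", "LoadLibraryA", "DeleteFileW", "MoveFileExW"]


def build_hash_table(names: Iterable[str], seed: int = 0) -> Dict[int, str]:
    """Map murmur3_32(name) -> name so hashes seen in a sample can be looked up."""
    return {murmur3_32(name.encode("ascii"), seed): name for name in names}


def resolve_hashes(hashes: Iterable[int], table: Dict[int, str]) -> Dict[int, Optional[str]]:
    """Resolve each recovered hash to an API name, or None if no candidate matches."""
    return {h: table.get(h) for h in hashes}


if __name__ == "__main__":
    table = build_hash_table(CANDIDATE_APIS)
    recovered = [murmur3_32(b"CryptEncrypt"), 0xDEADBEEF]  # constructed sample values
    for h, name in resolve_hashes(recovered, table).items():
        print(f"{h:08x} -> {name or 'unresolved'}")
```

Re-running the table build with a different seed, or with a different hash variant, is the first thing to try when none of a sample's hashes resolve.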

In addition, researchers believe that a new set of file extensions, including [.]LvOYK, [.]C5eFx, [.]ZG7Ak, [.]wjzPe, and [.]fgM9X, is being used by the threat actors to evade several endpoint solutions. Researchers can recognise this as an existing Conti pattern, since its operators previously used five uppercase letters in these extensions.

Although numerous researchers and analysts have made significant efforts to expose Conti's weaknesses through the code leaks, the ransomware has continued its malicious activity and keeps adding new functions.

Experts claimed that the Conti ransomware had upgraded its features to stay ahead of the curve and thwart researchers. Organisations are advised to use a trustworthy backup provider and anti-ransomware solutions.
