Russia-based ransomware group Conti issues warning to Kremlin foes
London (Reuters) – A Russia-based cybercrime group, known for using ransomware to extort millions of dollars from U.S. and European companies, vowed on Friday to attack enemies of the Kremlin if they respond to Russia’s invasion of Ukraine.
In a blog post, the Conti group said it was announcing its “full support” for the government of President Vladimir Putin. On Thursday, the Russian military invaded neighboring Ukraine from the north, east and south, in the biggest attack on a European state since World War Two.
“If anybody will decide to organize a cyberattack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy,” the Conti blog post read.
Ukraine has been hammered by digital intrusions and denial-of-service attacks both in the run-up to and during the Russian invasion.
Reuters reported on Thursday that the Ukrainian government has called for volunteers from country’s hacker underground to help protect critical infrastructure and cyber-spy on Russian troops.
“A portion of actors involved with Conti ransomware are based in Russia and some criminals operating from there already have documented ties with Russian intelligence apparatus,” said Kimberly Goody, a director with U.S. cybersecurity company Mandiant.
She said the Kremlin had benefited in the past from its relationships with cyber criminals, “and even if not outright directed to take action, these actors could conduct ‘patriotic’ operations independently.”
Brett Callow, a threat analyst at New Zealand-based cybersecurity company Emsisoft, noted that Conti has made “big and outrageous” claims before. But he recommended U.S. companies keep a close eye on their cyber defenses as cyberattacks in Ukraine could spill out abroad.
First detected in 2019, Conti has since been blamed for ransomware attacks against numerous U.S. and European companies.
In those incidents, Conti hackers invaded networks and encrypted data, disrupting operations and demanding payment to restore access. Among the victims were a federal court in Louisiana and a New Mexico hospital, according to research by Emsisoft.
In May, the FBI said Conti was responsible for attacks on 16 U.S. medical and first response networks, Reuters previously reported.