

A joint warning from a trio of the top U.S. cybersecurity authorities last month cautioned against a new ransomware that targets the defense industry and infrastructure companies. These industries represent a significant contributor to many regional economies, particularly in California. 

The ransomware, called Conti, is sold by criminals as a “service” to other criminal groups, similar to how you might buy Photoshop, Salesforce, Slack or PowerPoint for your business. This means the criminals attacking companies in the U.S. don’t need to have any particular set of hacking skills, they can just buy a very sophisticated, out-of-the-box ransomware product and deploy it against whomever they choose.

The National Security Agency (NSA), Federal Bureau of Investigation (FBI) and the Critical Infrastructure Security Agency (CISA) issued the warning, saying Conti had already hit more than 400 U.S. organizations that we know of, many of them critical industries. The Conti attacks have been extremely lucrative, and like any business, this cash flow will only support its growth. 

What is critical?

The term “critical” is important. Critical infrastructure is defined by the Department of Homeland Security as falling into 17 industries deemed “critical to the infrastructure of the United States.” These include dams, critical manufacturing, water and wastewater, transportation systems, government facilities and defense companies, all major contributing industries to the California economy. 

For example, Fresno-headquartered ERI plays a significant role in the sector known as ‘Critical Manufacturing,’ among others. In this capacity, ERI recently joined the DHS Coordinating Committee for Critical Manufacturing to help share security knowledge and learn from other critical partners. Other companies that fall into one of the 17 categories can also make use of the extensive resources provided by DHS to help combat Conti and numerous other types of cyberattacks. 

Why is Conti different?

Unlike other types of ransomware that simply lock up systems while criminals collect a ransom to unlock them, Conti also facilitates theft of intellectual property. When that intellectual property belongs to companies prevalent in California, particularly on the coastline, the damage can be immense, both to national security and our local security. California is home to 11 ports, among them some of the world’s largest. These locations alone account for thousands of vulnerable, critical businesses. 

What can companies do? 

The federal agencies describe in detail some of the common tactics Conti ransomware criminals use and some simple ways even small companies can tighten their defenses:

– Spearphishing: This is a tactic that uses targeted, tailored emails to executives or workers with significant access to corporate systems. These emails contain malicious attachments or links. Employees should be warned about this tactic and educated on how to spot suspicious emails. 

– Stolen or weak remote desktop credentials: Many of us have become accustomed to logging into a remote workspace during the pandemic. This convenient technology, which allows workers to get into protected corporate networks to do their jobs from home, was inevitably going to be a target of criminals looking to exploit this sudden shift in work style. Employees should be mindful of their remote login password strength, and companies should monitor for breaches of remote sign-on information and suspicious login attempts. Companies should also use “multi-factor authentication” when they can, meaning they should require employees to present not only a password but a second credential, such as a code sent to their phone or a face ID scan. 

– Phone calls: Just like in the movies, criminals still use fraudulent phone calls to trick employees into giving up their credentials. Employees can be simply warned of this tactic and companies should clarify that their IT support function will not call employees and request personal information or passwords. 

– Fake software promoted via SEO: Have you ever received an email promising an upgraded version of Windows or a bandwidth speed-checking software? These fraudulent targeted ads are a common source of ransomware, and the government emphasizes this method is typical of Conti attacks. Most ad-generated download prompts should be considered suspect, and companies should take measures to ensure employees can’t download unapproved software on machines that are linked to the corporate network. 
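One concrete way to act on the remote-desktop advice above (monitoring for suspicious login attempts) is to watch for a burst of failed RDP logons from one source followed by a success. The following is an added illustration, not code from the agencies' alert or from the authors: it runs over constructed sample records shaped like Windows Security events 4625 (failed logon) and 4624 (successful logon) with logon type 10 (RemoteInteractive, i.e. RDP); the field layout, thresholds and sample addresses are assumptions.

```python
"""Flag RDP sign-ins preceded by a burst of failed logons from the same source.

Constructed sample data (not real logs): tuples mimicking the key fields of
Windows Security events 4625 (failed logon) and 4624 (successful logon).
Logon type 10 is RemoteInteractive, i.e. a Remote Desktop session.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# (timestamp, event_id, logon_type, user, source_ip) -- constructed sample events
SAMPLE_EVENTS = [
    ("2021-09-22T02:14:01", 4625, 10, "jsmith", "203.0.113.7"),
    ("2021-09-22T02:14:09", 4625, 10, "jsmith", "203.0.113.7"),
    ("2021-09-22T02:14:20", 4625, 10, "jsmith", "203.0.113.7"),
    ("2021-09-22T02:14:33", 4625, 10, "jsmith", "203.0.113.7"),
    ("2021-09-22T02:14:41", 4625, 10, "jsmith", "203.0.113.7"),
    ("2021-09-22T02:15:02", 4624, 10, "jsmith", "203.0.113.7"),
    ("2021-09-22T08:03:11", 4625, 10, "mlee", "198.51.100.4"),   # one typo, then success
    ("2021-09-22T08:03:40", 4624, 10, "mlee", "198.51.100.4"),
    ("2021-09-22T09:10:00", 4624, 2, "admin", "127.0.0.1"),       # console logon, ignored
]


def find_suspicious_rdp_logins(events, max_failures=5, window=timedelta(minutes=10)):
    """Return (source_ip, user, failures_before_success) for every successful
    RDP logon that was preceded by at least `max_failures` failed RDP logons
    from the same source inside the sliding `window`."""
    failures = defaultdict(list)  # source_ip -> timestamps of recent failed RDP logons
    hits = []
    for ts_str, event_id, logon_type, user, src in sorted(events):
        if logon_type != 10:  # only Remote Desktop (RemoteInteractive) logons matter here
            continue
        ts = datetime.fromisoformat(ts_str)
        # drop failures that have aged out of the window
        failures[src] = [t for t in failures[src] if ts - t <= window]
        if event_id == 4625:
            failures[src].append(ts)
        elif event_id == 4624 and len(failures[src]) >= max_failures:
            hits.append((src, user, len(failures[src])))
            failures[src].clear()  # report each burst once
    return hits


if __name__ == "__main__":
    for src, user, n in find_suspicious_rdp_logins(SAMPLE_EVENTS):
        print(f"ALERT: {n} failed RDP logons from {src} followed by success as {user}")
```

Lowering `max_failures` trades fewer missed bursts for more noise from ordinary typos, which is why the threshold and window should be tuned against a site's own baseline.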

For more information on how to prevent Conti attacks, including deeper technical detail that businesses can provide to their IT staffers, the U.S. Computer Emergency Response Team has provided several pages of information: https://us-cert.cisa.gov/ncas/alerts/aa21-265a 


Kate Fazzini is CEO of Flore Albo LLC, an adjunct professor of cybersecurity at Georgetown University, author of Kingdom of Lies: Unnerving Adventures in the World of Cybercrime and has served as a cybersecurity reporter for The Wall Street Journal and CNBC.

John Shegerian is co-founder and Chairman/CEO of ERI, the nation’s leading fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company. The first five readers who send an e-mail to this address will receive a free signed copy of John’s new book, The Insecurity of Everything.

