Kaspersky researchers have published a new version of a decryption tool for the Conti ransomware, based on previously leaked source code.
The Conti ransomware group has been active since 2019. The FBI estimated that between 2020 and 2022 the gang breached hundreds of organizations, and that as of January 2022 it had obtained $150,000,000 in ransom payments from over 1,000 victims.
Earlier last year, the source code of the Conti ransomware operation was released by the researchers to protest the potential conflict. Based on that, an unknown ransomware group started distributing a modified version of the Conti ransomware in attacks.
Last month, Kaspersky researchers uncovered a new portion of leaked data published on forums and noticed the presence of 258 private keys. The leak also included source code and some pre-compiled decryptors, which allowed the researchers to release a new version of the public decryptor.
The researchers added all 258 keys to the latest build of Kaspersky’s utility, RakhniDecryptor 1.40.0.00. Users can download the decryptor from Kaspersky’s “No Ransom” site.
Below is the list of recommendations provided by the experts to protect organizations from ransomware attacks:
- Use strong passwords with 2FA
- Don’t expose critical services to public networks unless it is necessary
- Patch regularly
- Employ defence in depth
- Back up data regularly
- Integrate the security systems to get the latest threat intel information continuously