The Week in Ransomware - September 8th 2023 - Conti Indictments
It started as a slow ransomware news week but slowly picked up pace with the Department of Justice announcing indictments on TrickBot and Conti operations members. [...]
TrickBot is malware associated with cyber incidents, with reporting on its analysis, infrastructure, disruption efforts, and defensive guidance.
Search across headline titles and summaries.
Background for this topic.
TrickBot is a modular Windows malware family first identified as a banking Trojan in 2016. Its modules have supported theft of credentials and other sensitive information, system discovery, and remote control. In documented campaigns, operators also used TrickBot as an access and payload-delivery component, including before ransomware activity; those associations do not mean every TrickBot infection leads to ransomware.
Reporting commonly covers TrickBot’s modules, command-and-control infrastructure, changing delivery mechanisms, and efforts to disrupt its operations. For defenders, an alert should prompt investigation beyond the initially infected host: isolate it, examine authentication and endpoint telemetry for credential theft or lateral activity, and reset exposed credentials from a trusted system. Keeping operating systems and internet-facing software patched, restricting administrative access, and monitoring unusual outbound connections can reduce the opportunity for follow-on activity. Threat-intelligence indicators are useful for detection, but should be combined with behavioral evidence because the malware and its infrastructure have changed over time.
It started as a slow ransomware news week but slowly picked up pace with the Department of Justice announcing indictments on TrickBot and Conti operations members. [...]
The U.K. and U.S. governments on Thursday sanctioned 11 individuals who are alleged to be part of the notorious Russia-based TrickBot cybercrime gang
US Treasury officials said the sanctions move is part of its effort to combat Russian state-sponsored cybercrime.
Discover what the increased regulatory risk due to recent US and UK sanctions imposed on TrickBot and Conti cybercriminals mean for CISOs and board members.
Discover what the increased regulatory risk due to recent US and UK sanctions imposed on TrickBot and Conti cybercriminals mean for CISOs and board members.
Top admin, HR managers, devs go on transatlantic deny-list The US and UK governments named and sanctioned 11 Russians said to be connected to the notorious Trickbot cybercrime crew this week.…
These new sanctions follow a first wave in February 2023, where seven Russians involved with Trickbot and Conti were also sanctioned
The USA and the United Kingdom have sanctioned eleven Russian nationals associated with the TrickBot and Conti ransomware cybercrime operations. [...]