Monday, August 10, 17:42

Conti ransomware uses 32 CPU threads at the same time

A lesser-known ransomware strain known as Conti uses up to 32 simultaneous CPU threads to encrypt files on infected computers for higher encryption speeds, security researchers at Carbon Black said Wednesday.

Conti is the latest in a long line of ransomware strains identified this year. Like most ransomware families today, Conti is designed to be controlled directly by an adversary, rather than running automatically on its own.

These types of ransomware strains are also known as "human-operated ransomware" and are designed to be deployed during targeted intrusions into large corporate or government networks.

Conti works like most ransomware. However, it also has its own particularities, including some features not observed in other strains.

Conti ransomware CPU threads

In a technical report released Wednesday, Carbon Black's TAU said that what stood out in their analysis of Conti code was its support for multi-threading functions.

This is not entirely unique. Other ransomware executables also support multi-threading, running several operations concurrently on the CPU so that the encryption process completes faster, before the file locking is detected and stopped by antivirus.

Other ransomware strains that use multiple CPU threads are REvil (Sodinokibi), LockBit, Rapid, Thanos, Phobos, LockerGoga and MegaCortex - to name just a few. But Carbon Black says Conti stood out because of the large number of concurrent threads it uses - 32 - which results in "faster encryption compared to many other ransomware".

However, this was not the only detail that Carbon Black identified in Conti. The second feature was fine-grained control over the ransomware's encryption targets via the command line.

Carbon Black researchers say the ransomware can be configured to skip encrypting local drives and instead encrypt data on SMB network shares, simply by feeding the ransomware binary a list of IP addresses on the command line.

This behavior can also confuse security teams investigating such incidents: unless they have full visibility over all systems, they may be unable to locate the entry point into the network, which allows the attackers to remain hidden on a single machine inside the victim's network.
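One defender-side check this behavior suggests, as an added example that is not code from the article or from Carbon Black's report: flag process-creation records whose command line carries an unusual number of distinct IPv4 addresses. It assumes command lines are available as parsed records (as Sysmon Event ID 1 or Security Event ID 4688 with command-line auditing provide); the field names, the `-targets` flag, the threshold and the sample records are constructed.

```python
import re
from ipaddress import ip_address

# Dotted-quad candidates; each is validated with ip_address() below so that
# values such as 999.1.1.1 or a five-part version string are not counted.
_IPV4_CANDIDATE = re.compile(r"(?<![\w.])(\d{1,3}(?:\.\d{1,3}){3})(?![\w.])")


def extract_ipv4(cmdline: str) -> list[str]:
    """Return the valid IPv4 literals found in a command line, in order."""
    found = []
    for cand in _IPV4_CANDIDATE.findall(cmdline):
        try:
            ip_address(cand)
        except ValueError:
            continue
        found.append(cand)
    return found


def is_suspicious(cmdline: str, min_ips: int = 3) -> bool:
    """True when a command line names at least min_ips distinct IPv4 addresses.
    The threshold is a constructed starting point; baseline it per environment."""
    return len(set(extract_ipv4(cmdline))) >= min_ips


def scan_events(events, min_ips: int = 3):
    """Yield (image, sorted distinct IPs) for each record that trips the rule.
    Records are dicts with 'Image' and 'CommandLine' keys (hypothetical field
    names, as a parsed Sysmon Event ID 1 or Security 4688 event might supply)."""
    for ev in events:
        ips = set(extract_ipv4(ev.get("CommandLine", "")))
        if len(ips) >= min_ips:
            yield ev["Image"], sorted(ips)


# Constructed sample records, not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\ping.exe", "CommandLine": "ping 10.0.0.5"},
    {"Image": r"C:\Users\Public\update.exe",
     "CommandLine": "update.exe -targets 10.0.0.12 10.0.0.13 10.0.0.14 10.0.0.15"},
    {"Image": r"C:\Program Files\Vendor\tool.exe",
     "CommandLine": "tool.exe --version 1.2.3.4.5 --log C:\\tool.log"},
]

if __name__ == "__main__":
    for image, ips in scan_events(SAMPLE_EVENTS):
        print(f"{image}: {len(ips)} target addresses {ips}")
```

Legitimate tools such as ping or tracert name one or two addresses; a list of many hosts handed to an unknown binary is what the rule surfaces for triage.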

The third unique technique found in Conti's code is the abuse of the Windows Restart Manager, the Windows component that unlocks files before the operating system restarts.

According to Carbon Black, Conti calls this component to unlock files and terminate the applications holding them, so that it can encrypt their data. This trick can be especially effective on Windows servers, where most sensitive data is managed by a database that is almost always running.

There is currently no way to recover files locked by Conti ransomware, which means that all known prevention methods must be used - such as offline backups, workstation hardening and securing exposed remote management ports.


Teo Ehc