On Wednesday 9th of March 2022, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the United States Secret Service (USSS) have re-released an advisory on Conti ransomware. The initial advisory was released on Wednesday 22nd of September 2021 and stated that they had observed Conti ransomware being used in more than 400 attacks on U.S. and international organisations. Although the recent re-released advisory states that they now seen more than 1000 attacks.
The advisory also notes that Trickbot and Cobalt Strike have been key attack vectors for Conti ransomware attacks and the recent leaks of Conti message logs, source code, and administrative panel has also revealed a load of IoCs and trends of the Conti ransomware operation. A key dataset of IoC has been a batch of 98 domain names that seem to have similar registration and naming characteristics to those been observed in Conti ransomware attacks.