Conti ransomware was discovered in December 2019 and is delivered via TrickBot. It’s been utilized against large companies and government institutions across the world, especially in North America. Conti steals important files and information from targeted networks and threatens to disseminate it unless the ransom is paid. Conti ransomware enhances performance by utilizing “up to 32 simultaneous encryption operations,” and is very likely directly controlled by its controllers. This ransomware can target network-based resources while ignoring local files. This feature has the noticeable impact of being able to create targeted harm in an environment in a way that might hinder incident response actions.
During the Russian-Ukrainian cyber warfare, threat groups and hacktivists have taken sides in support of either party. Russian originator Conti announced their support for Russia, but shortly after their data was breached and code for the ransomware was leaked. Similarly, NB65 group took Ukraine’s side and retaliated with attacks on VGTRK and the Russian Space Agency ‘Roscosmos’.
The group has created a unique ransomware from the leaked conti code and changed the ransomware note, added .NB65 extension to the encrypted file’s names, and the encryption process was also modified to change the decryptor.