Carbon Black: the Conti ransomware runs 32 threads at once to encrypt files

Security specialists from Carbon Black have described a new virus, the Conti ransomware, which stands out for its fast file encryption and several other features.

Conti belongs to the so-called “human-controlled ransomware viruses”. In other words, the attackers first carry out a targeted attack on the computer networks of government departments or large companies, and only then launch the virus.

Conti starts 32 threads at once to encrypt files quickly. Multithreaded viruses are not unique, but this number of threads is unusual. Another feature is that the virus is controlled through a console client. For example, the virus can be “set” to encrypt only network directories while leaving files on the local computer unchanged.

“In this way, hackers can provide a point effect even in an infected network and attack, for example, one specific server. In addition, this tactic allows the virus to remain undetected for longer,” said Brian Baskin, technical director for attack research at Carbon Black.

Another highlight of Conti is its use of the Windows Restart Manager component, which releases file locks before a restart. This way, the virus can encrypt files that are normally locked by another process, such as database files. According to Carbon Black specialists, this is a really rare technique.
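The three behaviours described above (many encryption threads, network-only targeting, Restart Manager use) can be combined into one detection heuristic. The sketch below is an added example, not code from Carbon Black or from the article; the telemetry tuple layout, the `rm_session` action name, the process names and the thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed telemetry tuples: (seconds, process, pid, thread_id, action, path).
# The layout and the "rm_session" action name are assumptions for this example.
def make_sample():
    events = [(0.0, "updater.exe", 900, 1, "rm_session", ""),
              (0.5, "updater.exe", 900, 1, "write", r"C:\Program Files\App\app.dll"),
              (10.0, "sample.exe", 4242, 1, "rm_session", "")]
    for i in range(96):  # 32 worker threads rewriting files on a share only
        events.append((10.1 + i * 0.01, "sample.exe", 4242, 100 + i % 32, "write",
                       rf"\\fileserver\share\dir{i % 4}\doc{i}.xlsx"))
    return events

def find_suspects(events, window=5.0, min_threads=16, min_files=50):
    """Flag processes that rewrite many files from many threads within `window` seconds."""
    writes, rm_users, names = defaultdict(list), set(), {}
    for ts, proc, pid, tid, action, path in sorted(events, key=lambda e: e[0]):
        names[pid] = proc
        if action == "rm_session":      # process opened a Restart Manager session
            rm_users.add(pid)
        elif action == "write":
            writes[pid].append((ts, tid, path))
    suspects = []
    for pid, recs in writes.items():
        threads, files = set(), set()
        for i, (start, _, _) in enumerate(recs):   # densest burst starting at any write
            burst = [r for r in recs[i:] if r[0] - start <= window]
            burst_files = {r[2] for r in burst}
            if len(burst_files) > len(files):
                threads, files = {r[1] for r in burst}, burst_files
        if len(threads) >= min_threads and len(files) >= min_files:
            suspects.append({
                "pid": pid, "process": names[pid],
                "threads": len(threads), "files": len(files),
                # Network-only mode leaves files on the host unchanged, so this
                # flag marks bursts that touch nothing but UNC paths.
                "network_only": all(p.startswith("\\\\") for p in files),
                "restart_manager": pid in rm_users,
            })
    return suspects

if __name__ == "__main__":
    for hit in find_suspects(make_sample()):
        print(hit)
```

The constructed updater process also opens a Restart Manager session but writes a single file from one thread, so it is not flagged; the signal is the combination of thread count and write volume, with the other two fields as context for triage.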

Like other ransomware viruses, Conti demands a ransom payment in bitcoins in exchange for a file decryption tool. There is currently no way to decrypt the files without paying the ransom.

It was recently reported that the Avaddon encryption virus uses Microsoft Excel macros to spread. In addition, at the beginning of the month, it became known that macOS users had been attacked by the EvilQuest virus.