Ransomware-as-a-Service: Auditing Conti and REvil TTPs Using MITRE ATT&CK

Logo
Presented by

Dan Kaiser, Sally Vincent, and Brian Coulson

About this talk

Conti ransomware has jumped to the forefront as one of the most common ransomware variants seen today. Historically targeting critical infrastructure, this ransomware-as-a-service leverages spearphishing campaigns, vulnerabilities, remote desktop applications, and more to gain access to victim organizations. Considered a targeted version of REvil ransomware, Conti has been involved in at least 400 attacks worldwide and follows the now-expected trend of data theft, encryption, ransom, and extortion. Because ransomware like Conti evolves over time, the MITRE ATT&CK Framework provides detailed information about how the impactful ransomware variant acts during an attack. The latest version 10 (just released) offers insight into how data is encrypted and what steps Conti takes to ensure systems are not recoverable. But, how do you take the somewhat academic details from MITRE and translate them into actionable auditing to help detect Conti and REvil should your organization be attacked? In this session, LogRhythm’s threat research engineering team, Brian Coulson (Principal Threat Research Engineer), Dan Kaiser (Senior Threat Research Engineer), & Sally Vincent (Senior Threat Research Engineer) will walk you through practical steps to go from MITRE TTP to real-world auditing. Brian will provide a primer on REvil and Conti to lay the groundwork for specific TTPs that will be covered. Then Dan and Sally will dive into specific MITRE TTPs shared by both variants, including: T1486 Data Encrypted for Impact T1490 Inhibit System Recovery Brian will also discuss some of the free “benign” ransomware simulators you can use to replicate activity for testing detection via auditing solutions, with Dan and Sally showing what specifically to audit for to properly detect Conti and/or REvil. This real training for free event is jam packed with technical detail and real-world application. Watch on-demand today!
Related topics:

More from this channel

Upcoming talks (2)
On-demand talks (257)
Subscribers (76633)
LogRhythm helps security teams stop breaches by turning disconnected data and signals into trustworthy insights. From connecting the dots across diverse log and threat intelligence sources to using sophisticated machine learning that spots suspicious anomalies in network traffic and user behavior, LogRhythm accurately pinpoints cyberthreats and empowers professionals to respond with speed and efficiency. With cloud-native and self-hosted deployment flexibility, out-of-the-box integrations, and advisory services, LogRhythm makes it easy to realize value quickly and adapt to an ever-evolving threat landscape. Together, LogRhythm and our customers confidently monitor, detect, investigate, and respond to cyberattacks. Learn more at logrhythm.com