Conti Ransomware Steals Cyber Insurance Policy Data

While your cyber insurance policy may help alleviate some of the financial costs associated with a ransomware attack, researchers at Advanced Intelligence explain how details of the policy could also be used against you. Recently leaked training material reveals how Conti ransomware attackers exploit legitimate software to gain access to a network and search for cyber insurance policies. A seemingly disgruntled Conti affiliate posted the IP addresses for command-and-control servers used by the ransomware gang and training material for how to conduct a ransomware attack. The leak demonstrated how the ransomware gang circumvents security protocols by installing remote access software to gain control of a network. In addition, the leaked training materials specifically instruct the attacker to search for documents related to the company’s financial reports and cyber insurance – if they have one. The financial and cyber insurance policy details are then used to set the initial ransom demand and during any negotiations that might occur if an organization finds itself having to make the difficult decision to pay. For more, including how to detect this activity, visit Bleeping Computer.