The Russo-Ukrainian conflict has extended beyond the physical battlefield, as a ransomware group has publicly announced its support of Putin, and has threatened to retaliate against those who hack Russia.
Following news that several international hacking groups have volunteered to bring down Russian websites, the Conti ransomware gang recently issued a warning that it will target anyone who launches a cyberattack against Moscow.
“The Conti Team is officially announcing a full support of Russian government. If anybody will decide to organize a cyberattack or any war activities against Russia, we are going to use our all (sic) possible resources to strike back at the critical infrastructures of an enemy,” a statement from the group said.
Conti would later change its online message, which said that they "do not ally with any government and we condemn the ongoing war,” but it would still respond to cyberattack attempts on Russia’s infrastructure.
BleepingComputer reported that Conti is “one of the most active ransomware actors in the industrial sector,” claiming responsibility for breaching 63 companies’ operating industrial control systems (ICS) in 2021 – most of which were in the manufacturing sector.
Commenting on the ransomware group’s statement, Emsisoft threat analyst Brett Callow told IT World Canada that Conti has been suspected to be a splinter of a Russian-based group that security analysts have dubbed Wizard Spider. Wizard Spider has also been associated with the development and deployment of the Ryuk ransomware and the Trickbot malware.
Conti’s announcement comes a week after Canada’s Communications Security Establishment (CSE) issued a warning that the country’s infrastructure could be the target of cyberattacks endorsed by Russia. CSE has pointed to a previous instance in 2017, when Russian operatives were discovered to be behind the NotPetya malware that affected IT systems worldwide.
