BleepingComputer (@BleepinComputer)


Bio Breaking technology news, security guides, and tutorials that help you get the most from your computer. DMs are open. Feel free to use it to send story tips.
Location New York
Tweets 17.0K
Followers 67.3K
Following 99
Account created 23-06-2009 16:41:34
ID 50026664

Twitter Web App : 2020-07-05: 🆕🔥 [Breaking] New Blog: The Dark Web of Intrigue: How #REvil Used the Underground Ecosystem to Form an Extortion Cartel by our team Yelisey Boguslavskiy & Daniel Frey

📌Underground Extortion Business Model | REvil Pursues High-Value Targets…

Twitter Web App : To confirm this, some antimalware engines even detect it as Ryuk…

Twitter Web App : Conti is definitely a ransomware we need to keep an eye on as it continues to ramp up distribution, while Ryuk slowly fades away.

Twitter Web App : Finally, Michael Gillespie has told BleepingComputer that the ransomware uses a different AES key to encrypt each file and then encrypts that key with a bundled RSA-4096 public key. Each victim gets a unique RSA key.

Twitter Web App : Conti also uses the Windows Restart Manager API to shut down processes and services keeping a file open that the ransomware is trying to encrypt. This API was also used by MedusaLocker, SamSam, REvil, and LockerGoga in the past.

Twitter Web App : Conti uses 32 threads, where each thread encrypts a different file, in order to speed up the encryption of a device. In our tests, while definitely faster, this does increase CPU utilization and disk usage, which has a noticeable effect on the performance of the machine.