Last Updated on 22/11/2021 by Anamika
The TrickBot Trojan has been deploying Conti ransomware on infected machines and devices. Apparently, TrickBot collaborated with Shathak Attackers to make this possible.
“The implementation of TrickBot has evolved over the years, with recent versions of TrickBot implementing malware-loading capabilities. TrickBot has played a major role in many attack campaigns conducted by different threat actors, from common cybercriminals to nation-state actors.”According to the reports of The Hacker News
Further reports state that the collaboration with Shathak is not the only one. TrickBot has been doing these collaborations for a long time now to deploy various kinds of malicious attacks.
Shathak is a sophisticated cybercrime actor targeting end-users on a global scale. It acts as a malware distributor by leveraging password-protected ZIP archives containing macro-enabled Office documents.
TrickBot has also been accessing malicious software in addition to maintaining the Conti Ransomware. It also updates the same and manages the ransomware so that to access the sensitive information of the organizations.
The attacks generally lead to sending of phishing emails with attached malware-laced documents, which when opened will lead to the deployment of various malicious malware, hence, corrupting the system.
To secure systems against Conti ransomware, the agencies recommend enforcing a variety of mitigation measures, including “requiring multi-factor authentication (MFA), implementing network segmentation, and keeping operating systems and software up to date.” (The Hacker News)