Conti (ransomware)

Conti
Formation: December, 2019
Type: Malware, Ransomware as a Service (RaaS)

Conti is malware developed and first used by the Russia-based hacking group "Wizard Spider" in December, 2019.[1][2] It has since become a full-fledged ransomware-as-a-service (RaaS) operation used by numerous threat actor groups to conduct ransomware attacks.

The Conti malware, once deployed on a victim device, not only encrypts data on the device, but also spreads to other devices on the network, obfuscates its presence, and gives a remote attacker control over its actions on the objective.[1] All versions of Microsoft Windows are known to be affected.[3] The United States government offered a reward of up to $10 million for information on the group in early May 2022.[4]

  1. "Conti, Software S0575 | MITRE ATT&CK®". attack.mitre.org. Retrieved 31 May 2024.
  2. Team, The CrowdStrike Intel (16 October 2020). "Wizard Spider Modifies and Expands Toolset [Adversary Update]". crowdstrike.com. Retrieved 31 May 2024.
  3. "Conti Ransomware". NHS Digital. 9 July 2020. Retrieved 14 May 2021.
  4. "Conti Ransomware | CISA". www.cisa.gov. 9 March 2022. Retrieved 31 May 2024.