What is Conti?


The Conti ransomware is believed to be operated by Wizard Spider, a cybercrime group based in Russia.

This group uses phishing attacks to install the TrickBot and BazarLoader Trojans and gain remote access to infected machines.

Using this remote access, the attackers move laterally through the network, stealing credentials and harvesting unencrypted data stored on workstations and servers.

Once the group has stolen valuable data and obtained Windows domain credentials, it waits for a quiet time of the week to deploy the ransomware across the network and encrypt all devices.

The Conti group then uses the stolen data as leverage to pressure the victim into paying the ransom, threatening to publish the stolen data on a leak site if payment is not made.

What is double-extortion?

Conti’s previous ransomware victims include Sangoma (a FreePBX developer); Advantech (an IoT chip maker); Broward County Public Schools (BCPS); and the Scottish Environment Protection Agency (SEPA), among others.
