Conti is a ransomware-as-a-service affiliate program associated with Russian threat actors. The developers of this ransomware sell or lease their ransomware technology to affiliates who use the technology to carry out attacks. The group also has a website on which they expose the sensitive documents from various attacks carried out on organizations in different sectors.
The group uses email phishing attacks to install TrickBot and BazaarLoader Trojans to gain remote access. The emails sent to victims are generally disguised as coming from trusted sources and point to a link that contains a malicious document. This document on Google Drive contains malicious payload and, once downloaded, a Bazaar backdoor malware that connects the device of the victim to Conti ransomware's server get downloaded as well.
Since the device is now compromised, Conti encrypts the data and demands a ransom in exchange for the decryption key. Conti targets medium to large-sized enterprises and the ransom amount depends on the organization's capacity to pay.
This video will cover how Conti ransomware works, evasion techniques, and how to remove Conti ransomware.
Watch the video to learn more!
Logging is a fundamental feature of software. A flaw in Log4j...
3.00
On April 29, 2022, the United States government...
3.00
First discovered in 2007, Qakbot is widespread malware used for stealing information...
3.00
Originally developed as a banking trojan in 2014, Emotet malware was...
3.00
Created in 2012 by Raphael Mudge, Cobalt Strike is a remote...
3.00
Mimikatz is an open source application that allows users to view and save...
3.00
Belonging to the Cryptomix ransomware family, Clop ransomware...
3.00
Originally designed by a group of sophisticated cybercriminals as a banking...
3.00
Colonial Pipeline, a jet fuel and gasoline provider for the eastern United...
3.00
A California-based information security and compliance firm, Qualys,...
3.00
Mirai malware infects devices that run on the ARC processor, turning...
3.00
IcedID, aka BokBot, is a banking trojan-type malware that can be used...
3.00
SocGholish is an initial access threat that uses drive-by-downloads that...
3.00
First discovered in 2014, Agent Tesla is an advanced Remote Access...
3.00
First discovered in 2018, Shlayer malware has become one of the most...
3.00
Identified in September 2011, GameOver Zeus is a peer-to-peer (P2P) variant...
3.00
First discovered in 2016, LokiBot is infostealing malware that...
3.00
Sold in underground forums, the NanoCore remote access Trojan...
3.00
Man-in-the-middle (MitM) attacks take place...
3.00
GandCrab ransomware encrypts victims files...
3.00
FormBook is an infostealer malware that steals...
3.00
Shamoon is a dangerous malware program used in...
3.00
Lapsus is a hacking group that gained noto...
3.00
The njRAT, also known as Bladabindi, is...
3.00
The Phorpiex Botnet, initially a worm...
3.00
HawkEye keylogger is a formidable...
3.00
TeslaCrypt is a ransomware variant...
3.00
You will receive regular updates on the latest news on cybersecurity.
© 2025 Zoho Corporation Pvt. Ltd. All rights reserved.