Conti is a ransomware-as-a-service affiliate program associated with Russian threat actors. The developers of this ransomware sell or lease their ransomware technology to affiliates who use the technology to carry out attacks. The group also has a website on which they expose the sensitive documents from various attacks carried out on organizations in different sectors.
The group uses email phishing attacks to install TrickBot and BazaarLoader Trojans to gain remote access. The emails sent to victims are generally disguised as coming from trusted sources and point to a link that contains a malicious document. This document on Google Drive contains malicious payload and, once downloaded, a Bazaar backdoor malware that connects the device of the victim to Conti ransomware's server get downloaded as well.
Since the device is now compromised, Conti encrypts the data and demands a ransom in exchange for the decryption key. Conti targets medium to large-sized enterprises and the ransom amount depends on the organization's capacity to pay.
This video will cover how Conti ransomware works, evasion techniques, and how to remove Conti ransomware.
Watch the video to learn more!
You will receive regular updates on the latest news on cybersecurity.
© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.
