Conti ransomware

Conti is a ransomware-as-a-service affiliate program associated with Russian threat actors. The developers of this ransomware sell or lease their ransomware technology to affiliates who use the technology to carry out attacks. The group also has a website on which they expose the sensitive documents from various attacks carried out on organizations in different sectors.

The group uses email phishing attacks to install TrickBot and BazaarLoader Trojans to gain remote access. The emails sent to victims are generally disguised as coming from trusted sources and point to a link that contains a malicious document. This document on Google Drive contains malicious payload and, once downloaded, a Bazaar backdoor malware that connects the device of the victim to Conti ransomware's server get downloaded as well.

Since the device is now compromised, Conti encrypts the data and demands a ransom in exchange for the decryption key. Conti targets medium to large-sized enterprises and the ransom amount depends on the organization's capacity to pay.

This video will cover how Conti ransomware works, evasion techniques, and how to remove Conti ransomware.

Watch the video to learn more!

     

Get the latest content delivered
right to your inbox!

Thank you for subscribing.

You will receive regular updates on the latest news on cybersecurity.

  • Please enter a business email id
  •  
  •  
    By clicking on Keep me Updated you agree to processing of personal data according to the Privacy Policy.

Expert Talks

     
     

© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.