
Conti Ransomware

Ali Azhar
Last Updated May 19, 2022 10:36 am

Conti ransomware first emerged in 2020. It uses a ransomware as a service (RaaS) model in which a malicious group sells or leases their already-developed ransomware tools to hackers. Read on to learn how Conti ransomware works and what users can do to prevent these kinds of attacks on their systems.

What Are Conti Ransomware Attacks?

In a Conti ransomware attack, the Conti group attacks victims by stealing sensitive data and threatening to leak the data to the public if their ransom demands are not met. The Conti ransomware attack is associated with Russian-speaking actors and has an organized structure that includes a CEO and general manager, who are known through their aliases. The group is pro-Russian and announced its support of Russia during the 2022 Russian invasion of Ukraine. 

How Do Conti Ransomware Attacks Work?

Conti ransomware is built to automatically scan the networks of high-value targets for security vulnerabilities. Once a vulnerability is found, the ransomware begins encrypting files and infecting the operating system.

Compared to other ransomware, Conti ransomware is known to be more evasive and efficient. It immediately encrypts files, changes the file extensions, and connects to other computers on the network. It is also designed to disable some of the system security and monitoring features of the operating system, such as the Windows Defender application.

What Is the Impact of Conti Ransomware Attacks?

The Conti group has a history of targeting critical infrastructure and the supply chains of healthcare networks, municipalities, school systems, and energy companies. It is believed the members of the Conti group were part of the Ryuk hacking group until that group split and the Conti group was formed in 2020. Victims of Conti ransomware attacks include the international terminal operator SEA-Invest, which saw all 24 of its seaports attacked by Conti ransomware.

Conti ransomware was also used to attack German companies, Mabanaft Deutschland and Oiltanking Deutschland, reducing the companies to “limited capacity.” These companies are suppliers to major oil companies around the world, including Shell. 

The Conti group is known to have demanded a ransom of $25 million from a single victim. The details of negotiations or ransom payments between victims and the Conti attackers have not been made public.

Prevention of Conti-Like Attacks

In order to prevent Conti and Conti-like ransomware attacks, users should take the following steps to protect their systems, files, and critical data:

Use security monitoring and email security for earlier detection

Conti ransomware relies on phishing emails as a starting point. Companies can monitor security logs to detect any attempts to infiltrate the system and implement email protection solutions to keep their systems protected.

Stop lateral movement on the network

By protecting each endpoint of a network, companies can reduce security vulnerabilities in the system. Conti ransomware is designed to move laterally to infect other computers, so companies should limit this lateral movement by isolating the affected area.

Back up important data

One of the safest ways to ensure data is not lost to hackers is to perform regular data backups, so that business continuity is not limited or shut down by a cyberattack.
