Conti is believed to leverage initial access services from the TrickBot malware operation. The group’s core developers seem Russia-based, but its affiliates are global. Conti pioneered the double extortion approach, combining data theft with encryption to pressure victims. Conti actors aggressively extort victims by stealing sensitive data, encrypting systems, and demanding massive cryptocurrency ransoms not to leak the data (CISA, 2022). Conti operates via a Ransomware-as-a-Service (RaaS) model, utilizing a network of affiliates to gain access and deploy Ryuk ransomware payloads onto target networks. The Conti ransomware group emerged in 2020 but gained notoriety in 2021 after executing high-impact ransomware attacks on hundreds of critical infrastructure organizations globally, including healthcare networks, schools, and emergency services.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |