By the end of 2021, Conti came out on top as one of the largest and most aggressive groups in terms of the number of victims on its DLS, having published data belonging to 530 companies. In just four months in 2022, the group published data belonging to 156 companies on its DLS, making for a total of 859 victims in two years. Most attacks occurred in the United States (37%), but the campaign also surged through Europe, with victims in Germany (3%), Switzerland (2%), the Netherlands, Spain, France, the Czech Republic, Sweden, and Denmark (1% each).
The group also attacked organizations in the United Arab Emirates (2%) and India (1%). The top five industries most frequently targeted by Conti are manufacturing (14%), real estate (11.1%), logistics (8.2%), professional services (7.1%), and trade (5.5%).
Analysis of Conti’s attacks from 2020 to 2022: geography of victims and industries
Kill Chain of Conti Attacks observed by Group-IB Threat Intelligence Team
Analysis of Conti affiliates’ working hours
Indicators of compromise and information about Conti’s techniques, tactics and tools mapped to the MITRE ATT&CK® matrix.
Recommendations for protection
We want to fill in the gaps in existing research on the tactics, tools and techniques relating to Conti ransomware.
Many security researchers have analyzed Conti attacks. A lot of data has already been leaked online about the group, which could have shut them down. But Conti has built a sustainable and scalable illicit ransomware business from both a technical and managerial standpoint.
This hydra has too many heads, and Conti’s continuous development as a project will likely make itself heard in one way or another.
Seeing as Conti is dangerous for both businesses and governments, it is crucial that cybersecurity experts are aware of the tactics and methods that the group uses. This is especially true considering that practically any business falls within the scope of the group’s interests, given the wide range of industries that the threat actors target.
The well-known complete guide to the latest tactics, techniques, and procedures of ransomware operators based on MITRE ATT&CK®