Conti ransomware

GPTKB entity

Statements (56)
| Predicate | Object |
| --- | --- |
| gptkbp:instanceOf | malware |
| gptkbp:acceptsPaymentMethod | gptkb:Bitcoin |
| gptkbp:affects | gptkb:government_ministry |
| | private companies |
| | education sector |
| | healthcare sector |
| | organizations worldwide |
| gptkbp:associatedWith | gptkb:Ryuk_ransomware |
| gptkbp:developedBy | gptkb:Conti_cybercrime_group |
| gptkbp:encryption | victim files |
| gptkbp:firstAppearance | 2020 |
| https://www.w3.org/2000/01/rdf-schema#label | Conti ransomware |
| gptkbp:language | gptkb:Russian |
| gptkbp:leakedBy | gptkb:ContiLeaks |
| gptkbp:notableBattle | gptkb:Costa_Rica_government |
| | gptkb:Irish_Health_Service_Executive_(HSE) |
| gptkbp:notableFeature | gptkb:loyalty_program |
| | customizable ransom notes |
| | data leak site |
| | fast encryption speed |
| | highly automated attack chain |
| | human-operated attacks |
| gptkbp:prohibitsTargeting | gptkb:CIS_countries |
| gptkbp:ransomNote | CONTI_README.txt |
| | readme.txt |
| gptkbp:relatedTo | gptkb:Hive_ransomware |
| | gptkb:LockBit_ransomware |
| | gptkb:TrickBot_group |
| | gptkb:Wizard_Spider |
| gptkbp:requires | ransom payment |
| gptkbp:shutDown | 2022 |
| gptkbp:sourceCodeLeaked | 2022 |
| gptkbp:target | gptkb:Windows_operating_system |
| gptkbp:uses | gptkb:Windows_Management_Instrumentation_(WMI) |
| | gptkb:Cobalt_Strike |
| | gptkb:living_off_the_land_binaries_(LOLBins) |
| | gptkb:BazarLoader |
| | gptkb:TrickBot |
| | data exfiltration |
| | phishing emails |
| | PowerShell scripts |
| | command and control servers |
| | network propagation |
| | Active Directory enumeration |
| | double extortion |
| | Kerberos ticket extraction |
| | Windows Defender exclusion |
| | credential dumping |
| | remote desktop protocol (RDP) brute force |
| | shadow copy deletion |
| gptkbp:bfsParent | gptkb:IcedID |
| | gptkb:SystemBC |
| | gptkb:Ryuk_ransomware |
| | gptkb:TrickBot |
| | gptkb:Wizard_Spider_group |
| gptkbp:bfsLayer | 6 |