Conti ransomware campaigns

GPTKB entity

Statements (50)
Predicate Object
gptkbp:instanceOf cyberattack campaign
gptkbp:associatedWith gptkb:Ryuk_ransomware
gptkbp:ceased_operations 2022
gptkbp:connectsTo gptkb:Wizard_Spider
gptkbp:firstReported 2020
https://www.w3.org/2000/01/rdf-schema#label Conti ransomware campaigns
gptkbp:interruptedBy gptkb:law_enforcement
gptkbp:leakSite gptkb:Conti_News
gptkbp:notableEvent gptkb:HSE_Ireland_attack
Costa Rica government attack
gptkbp:perpetrator gptkb:Conti_ransomware_group
gptkbp:ransomDemanded gptkb:cryptocurrency
gptkbp:target gptkb:government_agency
healthcare sector
organizations worldwide
critical infrastructure
gptkbp:technique double extortion
gptkbp:TTPs gptkb:Cobalt_Strike
gptkb:Kerberos_ticket_abuse
gptkb:Windows_Defender_exclusion_abuse
data encryption
data exfiltration
phishing emails
PowerShell scripts
living off the land techniques
malicious attachments
remote access tools
RDP brute force
lateral movement
privilege escalation
scheduled tasks
network reconnaissance
credential dumping
public shaming of victims
shadow copy deletion
Active Directory compromise
disabling security software
domain controller compromise
negotiation with victims
threatening data leaks
use of Tor for communication
use of affiliate model
use of cryptocurrency wallets
use of custom ransomware builder
use of encrypted chat channels
use of remote desktop protocol
use of stolen credentials
gptkbp:usesMalware gptkb:Conti_ransomware
gptkbp:bfsParent gptkb:BazarLoader
gptkbp:bfsLayer 6