
What Is Conti Ransomware and What Makes It Different?

 1 year ago
source link: https://www.makeuseof.com/what-is-conti-ransomware-makes-different/


Published 19 hours ago

Infamous for taking down large corporations and countries alike, Conti Ransomware has slowly grown in popularity. Here's everything you need to know.


On 31 October 2021, news surfaced online of a hack of the premium jewelry brand Graff. Thousands of personal documents were leaked onto the dark web, including information on high-profile customers like David Beckham and Donald Trump.

The UK diamond company was hit by Conti ransomware. This isn’t a one-off case, either. In 2021 alone, the Conti gang has managed to pillage somewhere close to $180 million from its target market—making it the biggest ransomware group.

So what really is Conti ransomware, and how has it caused so much havoc so far?

What Is Conti Ransomware?

To understand Conti ransomware, it’s important to properly nail down what ransomware is first. Briefly, ransomware is a type of malware that steals your data and threatens to publish it, or blocks your access to it through encryption, unless you pay the requested ransom amount.

Conti ransomware, in contrast to more general, everyday ransomware, is different—and much more successful—because of the sheer speed with which it encrypts data and spreads to other computer systems.

On top of its rapidity and efficiency, the ransomware also employs what’s called the “double-extortion” technique. What this means is that the Conti ransomware not only encrypts the users' data, but also creates copies of that data while encrypting it; the Conti ransomware then leaks this data onto an open market in case a victim refuses to pay.

Prevention is better than cure. So, how do you stop Conti ransomware from infecting your systems in the first place? For that, you need to understand how a Conti attack takes place first.

How Does Conti Ransomware Work?


Like your general run-of-the-mill ransomware, Conti also gains access to your PC through email phishing scams that contain malicious links or downloads. Although this is one of the most popular ways, it’s not the only one. Sometimes, the infiltration can also take place through RDP (Remote Desktop Protocol) servers.

Conti can also spread through fake software promoted with SEO techniques, through malware distribution networks like ZLoader, and through well-known vulnerabilities in external IT assets.

Once the ransomware has a foot in the door, it will then try—through a combination of tools and methods—to gain access to your servers, backups, backups of backups, and even your security software defenses.

After Conti has completely infiltrated your network, it will then start pillaging your confidential business data. Remember the double-extortion technique? While the Conti ransomware is looting your data, behind the scenes, it’ll also be encrypting your data to lock you out of it.

In contrast to other ransomware attacks, Conti is peculiar in that it also plants several backdoors in your system. So if you try to fiddle your way out without paying the ransom in any way, the group will run another attack on your network or threaten to publish your sensitive information.

This is why some people believe it’s better to pay the ransom and be done with it. It is obvious, however, that there’s no way to know if the hackers will really delete your stolen data or even decrypt your files.

Stop Conti Ransomware From Running Riot

Like everything in cybersecurity, there’s no solid, foolproof way to save yourself from Conti ransomware attacks. This, however, doesn't mean you shouldn't fight back or take any measures at all.

In fact, if you take the relevant measures, you’re much less likely to get attacked in the first place. So, what can you do?

  1. Hire (and pay) a well-trained team of security professionals that will handle the backbone of your network and its security.
  2. Make sure all your employees—or at the very least employees that have any level of involvement with IT—are trained on the best practices for maintaining online security.
  3. Have a solid incident response plan in place to counter any unexpected attacks.

These are just some ways to bolster your security against a Conti attack, as well as other threats in general.

The Surge of Conti Ransomware

Despite the news that the group responsible is being dismantled—some time after they hacked the Costa Rican government and threatened to overthrow it—their threat of resurfacing unannounced still looms.

In such a climate, then, it's more than helpful to keep tabs on all the cybersecurity nitty-gritty for keeping your systems safe.

