Conti ransomware is one of the most prolific malware strains in the global cyber threat landscape. Conti has cost organizations more than $150 million in ransom fees since 2020 and has affected more than 1,000 businesses worldwide.
Conti is a second-stage malware attributed to the Wizard Spider group and is believed to be the successor to the prolific Ryuk ransomware. Whereas first-stage malware serves to gain initial access, second-stage malware establishes command-and-control (C2) on a victim’s system, collects information about the network, and pursues the primary strategic goals, such as stealing and encrypting valuable data.
Attackers deploying Conti ransomware often employ a double extortion tactic, meaning that victims are coerced into paying ransom twice: once to regain access to their encrypted files and again to prevent stolen data from being released to the public.
Conti also uses a Ransomware-as-a-Service (RaaS) attack model. RaaS allows an affiliate to get paid for successfully deploying first-stage malware on an organization’s infrastructure, giving the primary threat actor immediate access to the target network for second-stage exploitation and coercion.