Conti (201eff54-d41e-4f70-916c-5dfb9301730a)

Conti ransomware is a ransomware-as-a-service (RaaS) operation and has been observed encrypting networks since mid-2020. Conti was developed by the “TrickBot” group, an organized Russian cybercriminal operation. Their reputation has allowed the group to create a strong brand name, attracting many affiliates, which has made Conti one of the most widespread ransomware strains in the world. One of the last known “Conti” attacks was against the government of Costa Rica in April 2022, causing the country to declare a state of emergency. Shortly after this final attack, the “Conti” brand disappeared. The group behind it likely switched to a different brand to avoid sanctions and start over with a new, clean reputation.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Conti (201eff54-d41e-4f70-916c-5dfb9301730a) | Ransomware | BlackBasta (9db5f425-fe49-4137-8598-840e7290ed0f) | Ransomware | 1 |
| Conti (201eff54-d41e-4f70-916c-5dfb9301730a) | Ransomware | BlackByte (1c43524e-0f2e-4468-b6b6-8a37f1d0ea87) | Ransomware | 1 |
| Conti (201eff54-d41e-4f70-916c-5dfb9301730a) | Ransomware | QuantumLocker (0ca6ac54-ad2b-4945-9580-ac90e702fd2c) | Ransomware | 1 |
| Qbot (421a3805-7741-4315-82c2-6c9aa30d0953) | Botnet | BlackBasta (9db5f425-fe49-4137-8598-840e7290ed0f) | Ransomware | 2 |
| Mountlocket (7513650c-ba09-49bf-b011-d2974c7ae023) | Ransomware | QuantumLocker (0ca6ac54-ad2b-4945-9580-ac90e702fd2c) | Ransomware | 2 |
| Qbot (421a3805-7741-4315-82c2-6c9aa30d0953) | Botnet | ProLock (c4417bfb-717f-48d9-bd56-bc9e85d07c19) | Ransomware | 3 |