Conti

Conti is an extremely damaging ransomware due to the speed with which it encrypts data and spreads to other systems. It was first observed in 2020 and it is thought to be led by a Russia-based cybercrime group that goes under the Wizard Spider pseudonym. In early May 2022, the US government announced a reward of up to $10 million for information on the Conti ransomware gang.

Victims

351

First Discovered

2020-07-31

victim

Last Discovered

2022-06-07

victim

Inactive Since

3yrs

more than

Avg Delay

N/A

attack→claim

Infostealer

N/A

victims with domain

View Victims on World Map

View group statistics

Known Locations (3)

Title	Available	Last Visit	FQDN
CONTI.News	No	2025-06-01 21:18:23	`continewsnv5otx5kaoje7krkto2qbu3gtqef22mnr7eaxw3y6ncz3ad.onion`
Access Blocked	No	2025-06-01 21:18:25	`continews.click`
Error Response Page	No	2025-06-01 21:18:26	`continews.bz`

Target (Available)

Heatmap (Available)

Ransom Notes (4)

Tools Used (Available)

This information is provided by Ransomware-Tool-Matrix
Discovery	RMM Tools	Defense Evasion	Credential Theft	OffSec	Networking	LOLBAS	Exfiltration
AdFind Bloodhound PowerView Seatbelt ShareFinder SharpView SoftPerfect NetScan	AnyDesk Atera Splashtop placeholder placeholder placeholder placeholder	GMER PCHunter placeholder placeholder placeholder placeholder placeholder	Mimikatz ProcDump Router Scan SharpChrome placeholder placeholder placeholder	Cobalt Strike Metasploit Meterpreter PowerShell Empire PowerSploit Rubeus placeholder	placeholder placeholder placeholder placeholder placeholder placeholder placeholder	BITSAdmin NTDS Utility (ntdsutil) PsExec WMIC placeholder placeholder placeholder	Dropfiles MEGA Qaz[.]im RClone Sendspace WinSCP placeholder

Conti

Known Locations (3)

Target (Available)

Heatmap (Available)

Ransom Notes (4)

Tools Used (Available)

Vulnerabilities Exploited (0)

TTPs Matrix (0)

Negotiation Chats (32)

YARA Rules (1)

Indicators of Compromise (IoCs) (0)

Victims (351)