Conti? You’ve probably never heard of them. Neither had Palo Alto Networks, one of the world’s foremost multinational cybersecurity companies, until a year ago. But in the cyber world and on the Dark Web, Conti is out there, lurking and waiting to prey on its next victim. In 2020, the FBI connected Conti to more than 400 cyberattacks against organizations worldwide, 75% of which are based in the United States. With ransom demands as high as $25 million, Conti ranks among the greediest global cybercrime syndicates.

Conti is an advanced form of ransomware that has been unleashed by Wizard Spider, the cybercrime gang that operates out of Saint Petersburg in Russia. Wizard Spider has an estimated 80 employees, and according to sources, some of them may not know that they work for a criminal organization. The group has been a target of Europol, Interpol, the FBI and also the National Crime Agency in the United Kingdom since 2020. Wizard Spider was also responsible for Ryuk ransomware, known for targeting large corporations that use Microsoft Windows. According to the FBI, in 2019 more than $61 million was paid out by the victims of Ryuk attacks.

Conti software uses unprecedented methods of data encryption and infiltrates IT networks much more quickly than most other ransomware. Moreover, when it comes to using Conti, Wizard Spider leverages the booming ransomware-as-a-service (RaaS) ecosystem by purchasing access to compromised systems from third-party cybercriminals, and also procures infrastructure, malware, communications tools and money laundering from other RaaS providers. Conti’s MO is both smart and terrifying. It uses a ‘double extortion’ approach. On the one hand, the hackers lock the victim’s files and demand a ransom, typical of any ransomware attack. But here’s the rub: Conti also steals the victim’s data, and the hackers threaten to publish it in the public domain if the business or individual decides not to pay up. According to a spokesperson from Palo Alto Networks:

“Unfortunately, keeping Conti out of your network often isn’t simple. A primary means of infection appears to be through phishing scams, and attackers are constantly upping their game in this area. While phishing emails used to be pretty easy for almost anyone to spot, particularly after some awareness training, we are seeing increasingly sophisticated attacks in which the threat actors have done plenty of homework on their intended victims. Sometimes they’ll send a blitz of scam emails to employees throughout an organization, and it takes only one to open the attachment and release the malware into the network.”
