Thursday, August 6, 19:29
Home security Conti ransomware: Is it the successor to Ryuk ransomware?

Conti ransomware: Is it the successor to Ryuk ransomware?

Conti ransomware

The Conti ransomware is a new threat that aims corporate networks. Its advanced capabilities allow it to performs faster and more targeted attacks. The researchers noticed that this ransomware shares the same malware code with Ryuk, which has begun to disappear as Conti performs attacks.

Conti ransomware first appeared in individual attacks in late December 2019. Attacks gradually increased and in late June began to increase sharply.

Conti ransomware

The ransomware violates corporate networks and spreads to gain domain admin credentials. Once the attackers get it administrator rights, develop ransomware and move on encryption of devices.

It is unknown at this time what he will do after leaving the post archives of victims before encrypting devices.

The connection between Ryuk and Conti ransomware

In August 2017, the Hermes Ransomware sold at hacking forum by a Russian cybercrime criminal.

Ο Vitali Kremez believes that the hackers they may have bought this ransomware builder and turned it into Ryuk.

At some point, the criminals who used Ryuk broke up or decided to make some changes and started using the name “Accounts“, Which seems to be is based on the Ryuk version 2 code.

In addition to the similarities in the malware code, the researchers observed similarity in the note template for ransom.

In addition, Kremez noted the same TrickBot infrastructure be used by both Ryuk and Conti operators to carry out the attacks.

Although it's not 100% clear if Conti is Ryuk's successor, the submission charts in ID Ransomware demonstrate that The attacks Conti increases while Ryuk decreases.

Conti Ransomware: Some features are interesting

In a new report Carbon Black, the researchers described some interesting features of Conti Ransomware.

Prior to encryption, ransomware interrupts operation 146 Windows services, related to solutions security, creation backup, databases and emails. Conti ransomware also deletes Shadow Volume copies and begins to encrypt him computer.

When encrypting, ransomware appends the extension .CONTI in encrypted files and leaves a note for a ransom named CONTI_README.txt in each folder.

Ryuk ransomware

It also uses a unique encryption key AES-256 per file, which is then encrypted with a bundled public encryption key RSA-4096.

In the note, ransomware gives minimal information about attack and how to communicate with the attackers (another resemblance to Ryuk).

Ryuk ransomware

More details on the operation of Conti can be found here.


Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortress
Pursue Your Dreams & Live!


Listening to Twitter hack stopped due to porn!

According to a newspaper, the hearing about the teenage hacker who was responsible for the attack that took place on Twitter, which ...

Colorado paid a ransom of $ 45.000 to hackers

According to Lafayette, Colorado officials, the city's electronic systems were breached and officials were forced to pay a ransom to recover ...

Trump vs Biden: Instagram bug favors Trump!

In Instagram hashtag searches for Democratic candidate Joe Biden, content was promoted in favor of Donald Trump.

LibreOffice 7.0: Comes with new features and improved appearance

LibreOffice is one of the best alternatives to Microsoft Office. In addition to providing ...

Pompeo: "Eliminate Chinese apps from Apple and Google stores"!

US Secretary of State Mike Pompeo on Wednesday called for an extension of the US government's restrictions on Chinese technology, saying that ...

Microsoft brings Android applications to Windows 10!

Microsoft has decided to integrate Android applications into Windows 10 with the new update of the "Your Phone" application.

Nudgebox: From DNA analysis to Covid-19 detection

Nudgebox is the product of a small DNA testing company that a few months ago was trying to gain its place in genetics ...

Twitter: Android error exposes DMs and other user data to hackers!

Twitter announced that it fixed a bug found in the Twitter application for Android, which could allow hackers to ...

Trump: Facebook removes misinformation post about Covid-19

Facebook removes Donald Trump's post claiming that children are "almost immune" to Covid-19.

US: $ 10.000.000 to anyone who identifies election hackers!

A few months before this year's US presidential election to be held in November, the US State Department announced that it will give ...