Conti is a ransomware family operated by the Russian cybercriminal group Wizard Spider. In a 2021 alert, the FBI connected Conti to more than 400 attacks on organizations worldwide, roughly three quarters of them in the United States. With ransom demands in excess of $25 million, it is among the most dangerous and most rapacious malware operations active today.


Conti encrypts each file with its own symmetric key and wraps that key with an RSA public key embedded in the malware, so files cannot be recovered without the private key the criminals hold; its heavily multithreaded encryptor also locks files far faster than most other ransomware families. Its usual initial access vector is phishing: a wave of emails sent in the hope that one or more unwitting employees will open a malicious attachment or click on a malicious link. And Wizard Spider is relentless, according to a spokesperson from Palo Alto Networks, one of the world's largest cybersecurity companies, who said:

“Sometimes they’ll send a blitz of scam emails to employees throughout an organization, and it takes only one to open the attachment and release the malware into the network.”


Conti uses a two-pronged (double extortion) strategy in its attacks:

  • First, it encrypts the victim's data and demands a ransom for the decryption key.
  • Second, because the operators steal a copy of the data before encrypting it, a victim who refuses to pay is threatened with publication of that data on the gang's leak site.

With Conti, Wizard Spider also draws on the booming ransomware-as-a-service (RaaS) ecosystem, buying initial access to victim networks from third-party criminals and procuring infrastructure, malware, communication tools and money-laundering services from other providers in that economy.


Giving in and paying the ransom does not guarantee that an organization gets its data back intact. In one case this year, Conti failed to restore the files of a victim who had paid: the victim received only a small fraction of the promised file restorations before the Conti representatives disappeared back into the dark web, taking the company's data with them.


Like every cybercrime gang, Wizard Spider constantly adapts. The group has been under scrutiny from Europol, Interpol, the FBI and the UK's National Crime Agency since 2020, and high-profile ransomware attacks such as the one on Colonial Pipeline (carried out by a different group, DarkSide) and those on healthcare organizations have made the authorities even more determined to apprehend the criminals involved. Often, though, they are unsuccessful. After the ransomware attack on the Irish Health Service Executive (HSE) in May this year, Conti handed the agency what it said was a free decryption key. But here's the rub: Wizard Spider maintained that it would still publish the stolen data on its leak site, making good on the second half of its double extortion threat.


