Research Details the Day-by-Day Unfolding of a Human-Operated Conti Attack Using
Fileless Ransomware, Background on the Ransomware’s Behaviors, and Defender Advice
In a new three-part series of articles, Sophos researchers and incident responders unveil what really happens when attackers break into an organization’s network with the intention of stealing data and launching a Conti ransomware attack.
Conti is a human-operated “double extortion” ransomware. The attackers steal data from their targets before encrypting it, and then threaten to expose the stolen information on the “Conti News” site if the organization doesn’t pay the ransom.
Sophos’ 24/7 incident response team, Sophos Rapid Response, was called in to contain, neutralize and investigate the incident, which unfolded over five days from the initial compromise to the recovery of work operations. The series of articles from Sophos reconstructs the attack as it happened day-by-day and provides technical information on Conti’s attack behavior as well as advice for defenders.