Jump to content

Talk:Conti (ransomware)

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

Ransomware or a ransomware group?

[edit]

Perhaps both? Relation to Wizard Spider? The article currently includes material on both the malware and an eponymous group. Yet the hatnote and article name would suggest malware. --Palosirkka (talk) 05:51, 17 April 2022 (UTC)[reply]

I agree that it refers to both - I think originally it was about the malware, but drifted to include both. I'm not sure what a suitable new name would be - perhaps a separate page for the Conti Group? Autarch (talk) 16:20, 21 May 2022 (UTC)[reply]
Admittedly, I'm not 100% sure if Wizard Spider and the Conti Group are the same or merely overlap in some members.Autarch (talk) 16:22, 21 May 2022 (UTC)[reply]
Hello,
Looked into this myself today. Found several sources which corroborate that it is primarily a family of ransomware variants, as well as a Ransomware as a Service (RaaS) operation made up of a core group (likely Wizard Spider since they developed it originally) and "recruited affiliates" which help with specific, but peripheral parts of the operation.
This info is from MITRE ATT&CK (publicly available framework for tracking threat actor groups, as well as malware like Conti) and CISA (US government agency).
All that being said, I think it is primarily malware. But because Wizard Spider offers Ransomware as a service which employs Conti (as seen in the TTPs discovered by forensic/ threat intelligence teams during and after an incident), it is often referred as a 'group' in articles etc..
I think calling it a 'group' is erroneous since it is not a hacking 'group' in the same way that, say, Wizard Spider or APT19 is a group.
I tried to reflect this in my recent edit. AnaisCarver (talk) 23:17, 31 May 2024 (UTC)[reply]

Should the Known Targets section add Costa Rica institutions?

[edit]

They have been attacked for the past month or so. The attack was directed at the Institution responsible for the Treasury — Preceding unsigned comment added by 201.198.177.255 (talk) 05:16, 19 May 2022 (UTC)[reply]