Take a deep dive into “ARMattack”, one of the shortest yet most successful campaigns by the Russian-speaking ransomware group Conti. In slightly more than a month, the gang compromised more than 40 companies worldwide. Conti’s techniques, tactics and tools mapped to the MITRE ATT&CK® matrix and our recommendations for protection are inside.

Dangerous Conti

By the end of 2021, Conti came out on top as one of the largest and most aggressive groups in terms of the number of victims on its DLS, having published data belonging to 530 companies. In just four months in 2022, the group published data belonging to 156 companies on its DLS, making for a total of 859 victims in two years. Most attacks occurred in the United States (37%), but the campaign also surged through Europe, with victims in Germany (3%), Switzerland (2%), the Netherlands, Spain, France, the Czech Republic, Sweden, and Denmark (1% each).

The group also attacked organizations in the United Arab Emirates (2%) and India (1%). The top five industries most frequently targeted by Conti are manufacturing (14%), real estate (11.1%), logistics (8.2%), professional services (7.1%), and trade (5.5%).

In this report:

Analysis of Conti’s attacks from 2020 to 2022: geography of victims and industries

Kill Chain of Conti Attacks observed by Group-IB Threat Intelligence Team

Analysis of Conti affiliates’ working hours

Indicators of compromise and information about Conti’s techniques, tactics and tools mapped to the MITRE ATT&CK® matrix

Recommendations for protection

Why it’s important to track Conti

We want to fill in the gaps in existing research on the tactics, tools and techniques relating to Conti ransomware.

Many security researchers have analyzed Conti attacks. A lot of data has already been leaked online about the group, which could have shut them down. But Conti has built a sustainable and scalable illicit ransomware business from both a technical and managerial standpoint.

This hydra has too many heads, and Conti’s continuous development as a project will likely make itself heard in one way or another.

Seeing as Conti is dangerous for both businesses and governments, it is crucial that cybersecurity experts are aware of the tactics and methods that the group uses. This is especially true considering that practically any business falls within the scope of the group’s interests, given the wide range of industries that the threat actors target.
