VERY IMPORTANT

Conti is a top player in the ransomware ecosystem, being listed as 2nd overall in the Q2 2021 Coveware ransomware report. The groups deploying this RaaS have only grown more prevalent. Despite the group having it’s affiliate guide leaked, which revealed many techniques already covered in previous reports, the group’s using the ransomware are unlikely to let up any time soon. In July The Dfir Report team witnessed a BazarLoader campaign that deployed Cobalt Strike and ended with domain wide encryption using Conti ransomware.