Conti ransomware: Evasive by nature

As part of a three-part series, Andrew Brandt and Anand Ajjan of Sophos write:

For the past several months, both SophosLabs and the Sophos Rapid Response team have been collaborating on detection and behavioral analysis of a ransomware that emerged last year and has undergone rapid growth. The ransomware, which calls itself Conti, is delivered at the end of a series of Cobalt Strike/meterpreter payloads that use reflective DLL injection techniques to push the malware directly into memory.

Read more on Sophos.

Related: A Conti ransomware attack day-by-day

Related: What to expect when you’ve been hit with Conti ransomware

 

About the author: Dissent
