Conti
High ConfidenceHigh ThreatWizard Spider • UNC1878 • GOLD ULRICK
Conti was one of the most prolific ransomware-as-a-service operations, active from 2020 until its dissolution in 2022. The group was responsible for hundreds of attacks against healthcare, government, and critical infrastructure organizations worldwide. Conti's internal communications were leaked in February 2022 following their public support for Russia's invasion of Ukraine, revealing their organizational structure and ties to the Russian cybercriminal ecosystem. Despite officially disbanding, Conti members have dispersed to other ransomware operations including Royal, Black Basta, and others.
Conti was one of the most prolific ransomware-as-a-service operations, active from 2020 until its dissolution in 2022. The group was responsible for hundreds of attacks against healthcare, government, and critical infrastructure organizations worldwide. Conti's internal communications were leaked in February 2022 following their public support for Russia's invasion of Ukraine, revealing their organizational structure and ties to the Russian cybercriminal ecosystem. Despite officially disbanding, Conti members have dispersed to other ransomware operations including Royal, Black Basta, and others.
Target Sectors
Target Regions
Attributed to Cybercriminal (No State Sponsor) (Russia). Attribution confidence: High.
Future Outlook
Conti is expected to continue operations targeting Healthcare sectors.
First observed activity of Conti
Continued active operations