
Conti ransomware: Evasive by nature

In one part of a three-part series, Andrew Brandt and Anand Ajjan of Sophos write:

For the past several months, both SophosLabs and the Sophos Rapid Response team have been collaborating on detection and behavioral analysis of a ransomware that emerged last year and has undergone rapid growth. The ransomware, which calls itself Conti, is delivered at the end of a series of Cobalt Strike/meterpreter payloads that use reflective DLL injection techniques to push the malware directly into memory.

Read more on Sophos.

Related: A Conti ransomware attack day-by-day

Related: What to expect when you’ve been hit with Conti ransomware