Are you a victim of the Conti Ransomware?


For the detailed advisory, download the PDF file here.

Conti ransomware targets enterprises that have not patched their systems, gaining access by exploiting old, known vulnerabilities. Once inside, Conti steals sensitive business data and demands a ransom in exchange for not publishing it and for restoring access. CISA has issued a warning about the rise in Conti ransomware attacks. To avoid becoming a victim of Conti ransomware, the Hive Pro Threat Research team recommends patching the vulnerabilities listed in this advisory.

The MITRE ATT&CK techniques used by Conti include:

  • T1078 – Valid Accounts
  • T1133 – External Remote Services
  • T1566.001 – Phishing: Spearphishing Attachment
  • T1566.002 – Phishing: Spearphishing Link
  • T1059.003 – Command and Scripting Interpreter: Windows Command Shell
  • T1106 – Native API
  • T1055.001 – Process Injection: Dynamic-link Library Injection
  • T1027 – Obfuscated Files or Information
  • T1140 – Deobfuscate/Decode Files or Information
  • T1110 – Brute Force
  • T1558.003 – Steal or Forge Kerberos Tickets: Kerberoasting
  • T1016 – System Network Configuration Discovery
  • T1049 – System Network Connections Discovery
  • T1057 – Process Discovery
  • T1083 – File and Directory Discovery
  • T1135 – Network Share Discovery
  • T1021.002 – Remote Services: SMB/Windows Admin Shares
  • T1080 – Taint Shared Content
  • T1486 – Data Encrypted for Impact
  • T1489 – Service Stop
  • T1490 – Inhibit System Recovery

Actor Details

Vulnerability Details

Indicators of Compromise (IoCs)

Patch Links