Conti (defunct) Ransomware: Indicators of Compromise, Victims & Defense

fingerprintDossier

Active since: Tracked on public leak sites
Origin / attribution: Unattributed
Known aliases: None publicly tracked.
Common initial access: Valid credentials, exposed remote services, phishing.
TTPs & tradecraft: Double-extortion: data theft, encryption, leak-site shaming.

publicTop countries hit

United States11

Canada2

Ireland1

United Kingdom1

factoryTop sectors targeted

Healthcare and Public Health6

Government Facilities3

Transportation Systems3

Communication2

Education Facilities1

Commercial Facilities1

Financial1

Information Technology1

historyRecent named victims

Alliance Steel

07 Jun 2022

LCRD

25 May 2022

The Contact Company

25 May 2022

Central Restaurant Products

24 May 2022

Schaumburg Park District

24 May 2022

RateGain

24 May 2022

Imenco AS

23 May 2022

Concepts in Millwork

23 May 2022

Eurofred

23 May 2022

Agile Sourcing Partners

23 May 2022

Alimentos y Frutos S.A.

23 May 2022

Worksoft

23 May 2022

Omicron Consulting S.r.L

23 May 2022

Pianca

23 May 2022

Allcat Claims Service

23 May 2022

Sourced from open leak-site monitoring · Generated 20 Apr 2026

shield_lockConti (defunct) defense checklist

check_circleEnforce phishing-resistant MFA on every VPN, remote desktop, email, and SaaS admin account.

check_circlePatch perimeter gear (VPN, firewall, file-transfer, hypervisor) within 72 hours of vendor advisories.

check_circleSegment ESXi management from domain accounts; disable vSphere SSH unless in use.

check_circleTier admin credentials — no shared local-admin, rotate break-glass accounts monthly.

check_circleDeploy EDR across servers & DCs; alert on Rclone, WinSCP, MegaCmd, and suspicious PowerShell.

check_circleImmutable, offline backups tested quarterly with measured RTO/RPO.

check_circleBlock outbound on unused ports; restrict egress to vetted CDNs and update servers.

check_circleHunt for dropped vulnerable drivers used to kill EDR (BYOVD patterns).

check_circleRun an annual tabletop modelled on Conti (defunct)'s latest playbook.

check_circleHave an IR retainer identified before you need it.

Worried Conti (defunct) will land on you?

We run focused VAPT, ransomware-readiness reviews, and purple-team exercises tuned to the playbook this crew actually uses.

Book a scope call