
Ransomware

Conti

aka Wizard Spider · Ryuk successor

A ruthless ransomware-as-a-service operation run as a criminal enterprise, whose 2022 internal leaks exposed its inner workings before it rebranded.

Conti was one of the most prolific and aggressive ransomware-as-a-service operations, active from 2020. Operated by the Wizard Spider crew as a successor to Ryuk, Conti ran like a company — with salaries, HR, and performance reviews — and was known for fast encryption and brutal double extortion.

High-profile attacks

Conti hit healthcare and government targets, most infamously crippling Ireland's Health Service Executive (HSE) in 2021 and, in effect, the government of Costa Rica in 2022. Incident timelines are tracked on Cyber Breaches.

The Conti Leaks

After Conti publicly backed Russia's 2022 invasion of Ukraine, an insider leaked tens of thousands of internal chat messages and source code, exposing its structure and tooling. The group fractured and rebranded into smaller operations (Black Basta, BlackByte, Royal). A builder teardown lives on the Reverse Engineering Hub.

Defense

Harden RDP/VPN, segment Active Directory, keep offline backups, and treat any TrickBot/BazarLoader infection as pre-ransomware activity and respond accordingly.