Talk:Conti (ransomware)

Ransomware or a ransomware group?
Perhaps both? Relation to Wizard Spider? The article currently includes material on both the malware and an eponymous group. Yet the hatnote and article name would suggest malware. --Palosirkka (talk) 05:51, 17 April 2022 (UTC)
 * I agree that it refers to both - I think originally it was about the malware, but drifted to include both. I'm not sure what a suitable new name would be - perhaps a separate page for the Conti Group? Autarch (talk) 16:20, 21 May 2022 (UTC)
 * Admittedly, I'm not 100% sure if Wizard Spider and the Conti Group are the same or merely overlap in some members.Autarch (talk) 16:22, 21 May 2022 (UTC)
 * Hello,
 * Looked into this myself today. Found several sources which corroborate that it is primarily a family of ransomware variants, as well as a Ransomware as a Service (RaaS) operation made up of a core group (likely Wizard Spider since they developed it originally) and "recruited affiliates" which help with specific, but peripheral parts of the operation.
 * This info is from MITRE ATT&CK (publicly available framework for tracking threat actor groups, as well as malware like Conti) and CISA (US government agency).
 * All that being said, I think it is primarily malware. But because Wizard Spider offers Ransomware as a service which employs Conti (as seen in the TTPs discovered by forensic/ threat intelligence teams during and after an incident), it is often referred as a 'group' in articles etc..
 * I think calling it a 'group' is erroneous since it is not a hacking 'group' in the same way that, say, Wizard Spider or APT19 is a group.
 * I tried to reflect this in my recent edit. AnaisCarver (talk) 23:17, 31 May 2024 (UTC)

Should the Known Targets section add Costa Rica institutions?
They have been attacked for the past month or so. The attack was directed at the Institution responsible for the Treasury — Preceding unsigned comment added by 201.198.177.255 (talk) 05:16, 19 May 2022 (UTC)