Conti_locker.7z

Widely used in the leaks for lateral movement and command-and-control (C2) within a compromised network.

The group not only encrypted data but exfiltrated it, threatening to publish it on their "Conti News" site if the ransom was not paid.

Used for Active Directory enumeration to map the network and locate sensitive data.

Detailed in chat logs: targeting Shadow Protect SPX (StorageCraft) backups, using SQL commands to target databases, and creating NTDS dumps for offline Active Directory cracking.

Utilizes a combination of AES-256 and RSA-4096 for file encryption, making decryption impossible without the private key.

Appends a specific, often randomized, extension to encrypted files.

Employed to harvest credentials (RDP, FTP, SSH) from memory.