Widely used in the leaks for lateral movement and command-and-control (C2) within a compromised network.
Optimized for fast encryption, focusing on databases, backups, and critical file types, while skipping system files to keep the OS running for the ransom note display. conti_locker.7z
Employed to harvest credentials (RDP, FTP, SSH) from memory.
Used for Active Directory enumeration to map the network and locate sensitive data.