.CONTI File Extension

CONTI ransomware is a type of malware utilized by a gang of unidentified cybercriminals. It is also a ransomware-as-a-service (RaaS) offering, which cybercriminals can purchase to deploy attacks.

The ransomware first surfaced in December 2019, and became prevalent in May 2020. It is believed to be a successor to the Ryuk ransomware, and may attack all types of users but primarily targets government organizations.

How did my computer get infected?

The ransomware is typically distributed via email attachments, torrent website downloads, and malicious advertisements. When you download and open an infected file attachment, a malicious file from a torrent website, or malware embedded in an advertisement, the CONTI virus runs on your computer.

What does the CONTI ransomware do to my files?

Once introduced to your computer, the ransomware takes your files hostage by encrypting them and adding the .conti extension onto the names of your files. The types of files typically targeted include personal documents, images, videos, and backup files, such as .DOCX, .XLSX, .PDF, and .MP4 files. For example, a document.pdf file becomes document.pdf.conti or document.pdf.CONTI.

The virus then generates a CONTI_README.txt file in every folder that stores an infected file. The .TXT file contains information explaining the hostile takeover of your files and how you can recover your files by paying a ransom, which we do not recommend.

NOTE: If you are an organization that stores sensitive information, the cybercriminals may have stolen the information and might threaten to publish it online.

Since CONTI files are encrypted with advanced encryption, you cannot open them by simply changing the .conti file extension back to the original extension. Currently, there is no program available to effectively restore infected files.

If you have a recent backup of your files, you can perform a system restore to remove the virus, but any changes made to files after the backup was made will be lost.