Putting Conti in Context
The Conti ransomware group (a.k.a. Wizard Spider; a.k.a. TrickBot; a.k.a. Ryuk) is one of the most prolific ransomware gangs around. It is believed to have been active, in various incarnations, since about 2016. Just in the last year, Conti is believed to be responsible for high-profile attacks, including those on the city government in Tulsa, Oklahoma and Ireland's Health Executive service in May, 2021.
Even as leading ransomware groups like REvil and Darkside have folded in recent months, Conti is getting renewed attention from cybersecurity experts. The group, CISA warns, has been linked to more than 1,000 attacks on U.S. and international organizations while “Conti cyber threat actors remain active.”
Why? In our latest episode of the ConversingLabs Podcast, ConversingLabs host Paul Roberts sat down with Yelisey Boguslavskiy, a co-founder of the threat intelligence firm AdvIntel, to talk about Conti’s evolution in recent years, and why the group continues to be such a potent threat.
According to Boguslavskiy, Conti’s continued vitality reflects a long-running practice of tightly controlled and highly vertical business operations. That runs counter to the predominant “ransomware as a service” model of “quantity over quality”: farming work out to pretty much anyone interested in making a buck and counting on a small number of scores from a large base of attacks. “This is something Conti never really followed in their methodology,” Boguslavskiy said.