The RAR email attachment contains an EXE: the malware itself. If opened, it starts the infection chain.
Carbon Black: it's dubbed Conti and is a new ransomware with unique peculiarities. The malware uses the Windows Restart Manager (WRM) and many independent threads for encryption. In addition, it can control how it scans data and can target only SMB network shares.
There is a new family of ransomware in the wild. It's called Conti and was discovered by Carbon Black's cyber security researchers. The malware has some unique peculiarities that make it more dangerous than its peers. First, it uses a large number of independent threads for encryption (up to 32 simultaneously), which makes it much faster than other malicious code of the same type. Second, it accepts command line options that control how it scans data; this feature leads experts to speculate that a cybercrime group operates it and distributes it directly, rather than selling it as a service. Third, it is capable of "skipping" the encryption of local files and targeting only SMB network shares; until now, such a capability had only been seen in Sodinokibi (REvil). Finally, it uses the Windows Restart Manager to ensure that files locked by running applications can still be encrypted.
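The two traits above, heavily multi-threaded encryption and an SMB-only mode, give a defender something to look for in file-write telemetry. The following is an added example, not code from the article or from Carbon Black: it scans constructed per-thread write events and flags a process that writes many files from many distinct threads, reporting whether every target was a UNC (SMB) path. The field names and the thresholds are assumptions.

```python
# Added example (not from the article): defender-side heuristic over constructed
# file-write telemetry. Conti encrypts with up to 32 independent threads and can
# be told to skip local files and hit only SMB shares; this flags processes whose
# writes come from many distinct threads and notes whether the targets were
# UNC (SMB) paths only. Thresholds and the event fields are assumptions.
from collections import defaultdict
from dataclasses import dataclass

THREAD_THRESHOLD = 8   # assumed: benign apps rarely rewrite files from this many threads
FILE_THRESHOLD = 20    # assumed: minimum distinct files touched before alerting


@dataclass
class WriteEvent:
    pid: int
    tid: int
    path: str


def is_smb_path(path: str) -> bool:
    """True for UNC paths (\\\\server\\share\\...), which are served over SMB."""
    return path.startswith("\\\\")


def analyse(events):
    """Return {pid: report} for every process exceeding both thresholds."""
    threads = defaultdict(set)
    files = defaultdict(set)
    for e in events:
        threads[e.pid].add(e.tid)
        files[e.pid].add(e.path)
    reports = {}
    for pid in threads:
        if len(threads[pid]) >= THREAD_THRESHOLD and len(files[pid]) >= FILE_THRESHOLD:
            smb = sum(1 for p in files[pid] if is_smb_path(p))
            reports[pid] = {
                "threads": len(threads[pid]),
                "files": len(files[pid]),
                "smb_only": smb == len(files[pid]),
            }
    return reports


def sample_events():
    """Constructed telemetry: pid 4242 writes from 32 threads to SMB shares only;
    pid 1000 is a single-threaded editor touching a few local files."""
    evs = [WriteEvent(4242, 100 + i % 32, f"\\\\fileserver\\finance\\doc{i}.xlsx")
           for i in range(64)]
    evs += [WriteEvent(1000, 7, f"C:\\Users\\alice\\notes{i}.txt") for i in range(5)]
    return evs


if __name__ == "__main__":
    print(analyse(sample_events()))
```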