What is the difference between ContiCrypt, Conti and CONTI in the naming of Microsoft Defender Antivirus?

Frank 0 Reputation points
2024-02-22T15:16:15.92+00:00

Conti is a ransomware family which encrypts the files on the system once the malicious file is executed. Microsoft Defender Antivirus names the malware according to this post. However, for the Conti malware family, I found 3 different names for this ransomware and I was wondering if there is a difference in them or if it's the same family.
Within the same family, the difference is already made between variants and even further using suffixes, so I was wondering if these are completely different families on their own. As the title says, the malware families in question are:

  • ContiCrypt
  • Conti
  • CONTI

Some examples of names I have received from Defender:

  • Ransom:Win32/ContiCrypt.MFP!MTB
  • Ransom:Win32/Conti.AD!MTB
  • Ransom:Win32/CONTI.DC!MTB

I'm currently researching the differences between different variants of the same malware family and was using Defender to check for true and false positives. However, I could not find any general information or list of existing malware families in Defender's database, which led me to this forum.

Thanks a lot in advance!

Kind regards,

Frank
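Added example, not part of the post above and not Microsoft code: a small parser that splits detection names like the three quoted in the question into the fields of the `Type:Platform/Family.Variant!Suffixes` layout Microsoft documents for its malware names, then groups them by family token. The function names are hypothetical, and grouping by case-folded family is a triage assumption for comparing labels, not a statement about how Defender defines families.

```python
import re
from collections import defaultdict

# Layout Microsoft documents for its names: Type:Platform/Family.Variant!Suffixes
NAME_RE = re.compile(
    r"^(?P<type>[^:/]+):(?P<platform>[^/]+)/(?P<family>[^.!]+)"
    r"(?:\.(?P<variant>[^!]+))?(?P<suffixes>(?:![^!]+)*)$"
)

def parse_detection(name):
    """Split one detection name into its fields; raise ValueError if malformed."""
    m = NAME_RE.match(name.strip())
    if m is None:
        raise ValueError(f"unexpected detection name layout: {name!r}")
    fields = m.groupdict()
    fields["variant"] = fields["variant"] or ""          # variant is optional
    fields["suffixes"] = [s for s in fields["suffixes"].split("!") if s]
    return fields

def group_by_family(names):
    """Map case-folded family token -> set of spellings seen for that token.

    Assumption: case-folding is only a way to line labels up for comparison.
    """
    groups = defaultdict(set)
    for name in names:
        family = parse_detection(name)["family"]
        groups[family.casefold()].add(family)
    return dict(groups)

# The three names quoted in the question.
SAMPLES = [
    "Ransom:Win32/ContiCrypt.MFP!MTB",
    "Ransom:Win32/Conti.AD!MTB",
    "Ransom:Win32/CONTI.DC!MTB",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        f = parse_detection(sample)
        print(f"{sample:34} family={f['family']:11} "
              f"variant={f['variant']:4} suffixes={f['suffixes']}")
    for key, spellings in group_by_family(SAMPLES).items():
        print(key, "->", sorted(spellings))
```

On the three samples, `Conti` and `CONTI` land under one case-folded key while `ContiCrypt` is a distinct family token; whether Defender treats any of them as the same family is not something the names alone establish.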

